Windows Analysis Report
QBzLk3iR7m.exe

Overview

General Information

Sample name: QBzLk3iR7m.exe
renamed because original name is a hash value
Original sample name: 4861b5b451b9b47a69184f6b220de01c.exe
Analysis ID: 1580928
MD5: 4861b5b451b9b47a69184f6b220de01c
SHA1: 593ff62d3b33c9763c1953cabfec02a0942124db
SHA256: 4ef6a31cebbf51e7f0a29cf39edaa3513c363f289dafde0ba1ccf34be46edd71
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • QBzLk3iR7m.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\QBzLk3iR7m.exe" MD5: 4861B5B451B9B47A69184F6B220DE01C)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["talkynicer.lat", "wordyfindy.lat", "bashfulacid.lat", "observerfry.lat", "shapestickyr.lat", "curverpluch.lat", "slipperyloo.lat", "manyrestro.lat", "tentabatte.lat"], "Build id": "PsFKDg--pablo"}
Source: decrypted.memstr
Rule: JoeSecurity_LummaCStealer_2
Description: Yara detected LummaC Stealer
Author: Joe Security
    No Sigma rule has matched
    Timestamp                        SID      Severity  Classtype                             Source IP    Source Port  Destination IP  Destination Port  Protocol
    2024-12-26T13:17:08.285120+0100  2028371  3         Unknown Traffic                       192.168.2.4  49730        104.102.49.254  443               TCP
    2024-12-26T13:17:06.517447+0100  2058480  1         Domain Observed Used for C2 Detected  192.168.2.4  58408        1.1.1.1         53                UDP
    2024-12-26T13:17:06.231356+0100  2058484  1         Domain Observed Used for C2 Detected  192.168.2.4  64356        1.1.1.1         53                UDP
    2024-12-26T13:17:05.801107+0100  2058492  1         Domain Observed Used for C2 Detected  192.168.2.4  58162        1.1.1.1         53                UDP
    2024-12-26T13:17:05.944451+0100  2058500  1         Domain Observed Used for C2 Detected  192.168.2.4  61638        1.1.1.1         53                UDP
    2024-12-26T13:17:05.657923+0100  2058502  1         Domain Observed Used for C2 Detected  192.168.2.4  60660        1.1.1.1         53                UDP
    2024-12-26T13:17:06.086509+0100  2058510  1         Domain Observed Used for C2 Detected  192.168.2.4  59087        1.1.1.1         53                UDP
    2024-12-26T13:17:06.372489+0100  2058512  1         Domain Observed Used for C2 Detected  192.168.2.4  59233        1.1.1.1         53                UDP
    2024-12-26T13:17:05.516637+0100  2058514  1         Domain Observed Used for C2 Detected  192.168.2.4  54735        1.1.1.1         53                UDP
    2024-12-26T13:17:09.128085+0100  2858666  1         Domain Observed Used for C2 Detected  192.168.2.4  49730        104.102.49.254  443               TCP

    AV Detection

    Source: QBzLk3iR7m.exe, Avira: detected
    Source: https://manyrestro.lat:443/api, Avira URL Cloud: Label: malware
    Source: https://tentabatte.lat:443/api, Avira URL Cloud: Label: malware
    Source: https://talkynicer.lat:443/apibg, Avira URL Cloud: Label: malware
    Source: https://bashfulacid.lat:443/api, Avira URL Cloud: Label: malware
    Source: QBzLk3iR7m.exe.6752.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["talkynicer.lat", "wordyfindy.lat", "bashfulacid.lat", "observerfry.lat", "shapestickyr.lat", "curverpluch.lat", "slipperyloo.lat", "manyrestro.lat", "tentabatte.lat"], "Build id": "PsFKDg--pablo"}
    Source: QBzLk3iR7m.exe, Virustotal: Detection: 56%
    Source: QBzLk3iR7m.exe, ReversingLabs: Detection: 68%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: QBzLk3iR7m.exe, Joe Sandbox ML: detected
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: bashfulacid.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: tentabatte.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: curverpluch.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: talkynicer.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: shapestickyr.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: manyrestro.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: slipperyloo.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: wordyfindy.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: observerfry.lat
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: Workgroup: -
    Source: 00000000.00000003.1747410305.0000000005150000.00000004.00001000.00020000.00000000.sdmp, String decryptor: PsFKDg--pablo
    Source: QBzLk3iR7m.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

    Networking

    Source: Network traffic, Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.4:54735 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.4:61638 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.4:58162 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.4:59087 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.4:59233 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.4:58408 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.4:64356 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.4:60660 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: Joe Sandbox View, IP Address: 104.102.49.254
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: global traffic, HTTP traffic detected:
        GET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, DNS traffic detected: DNS query: observerfry.lat
    Source: global traffic, DNS traffic detected: DNS query: wordyfindy.lat
    Source: global traffic, DNS traffic detected: DNS query: slipperyloo.lat
    Source: global traffic, DNS traffic detected: DNS query: manyrestro.lat
    Source: global traffic, DNS traffic detected: DNS query: shapestickyr.lat
    Source: global traffic, DNS traffic detected: DNS query: talkynicer.lat
    Source: global traffic, DNS traffic detected: DNS query: curverpluch.lat
    Source: global traffic, DNS traffic detected: DNS query: tentabatte.lat
    Source: global traffic, DNS traffic detected: DNS query: bashfulacid.lat
    Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
    Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown - Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown - HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

    System Summary

    Source: QBzLk3iR7m.exe - Static PE information: section name:
    Source: QBzLk3iR7m.exe - Static PE information: section name: .idata
    Source: QBzLk3iR7m.exe - Static PE information: section name:
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A283D80_2_00A283D8
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB43280_2_00AB4328
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8F3390_2_00A8F339
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC13340_2_00AC1334
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA130C0_2_00AA130C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00B1B31D0_2_00B1B31D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A093100_2_00A09310
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A873130_2_00A87313
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD03600_2_00AD0360
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2F3770_2_00A2F377
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A213400_2_00A21340
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC834E0_2_00AC834E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9234F0_2_00A9234F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2D34A0_2_00A2D34A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9B3400_2_00A9B340
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAB35F0_2_00AAB35F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD435A0_2_00AD435A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A704A70_2_00A704A7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A884AB0_2_00A884AB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BBC49F0_2_00BBC49F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A744950_2_00A74495
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC349F0_2_00AC349F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A224E00_2_00A224E0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA04F80_2_00AA04F8
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0D4F30_2_00A0D4F3
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9D4FD0_2_00A9D4FD
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A204C60_2_00A204C6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB842F0_2_00AB842F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7242F0_2_00A7242F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A714300_2_00A71430
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABC4180_2_00ABC418
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A404600_2_00A40460
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A934720_2_00A93472
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1747D0_2_00A1747D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA14760_2_00AA1476
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7C4460_2_00A7C446
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABF44A0_2_00ABF44A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A274400_2_00A27440
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3A4400_2_00A3A440
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A644420_2_00A64442
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD24470_2_00AD2447
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A814450_2_00A81445
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3C5A00_2_00A3C5A0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA95A60_2_00AA95A6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BC65A10_2_00BC65A1
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC25B10_2_00AC25B1
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8A58A0_2_00A8A58A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA558F0_2_00AA558F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A865860_2_00A86586
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB05850_2_00AB0585
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA35990_2_00AA3599
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD859E0_2_00AD859E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC95980_2_00AC9598
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A065F00_2_00A065F0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A905CC0_2_00A905CC
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD75C80_2_00AD75C8
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAC5CD0_2_00AAC5CD
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3A5D40_2_00A3A5D4
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8D5DF0_2_00A8D5DF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC05390_2_00AC0539
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC75370_2_00AC7537
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD15360_2_00AD1536
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2C53C0_2_00A2C53C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9A51D0_2_00A9A51D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A245600_2_00A24560
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9C56A0_2_00A9C56A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC55790_2_00AC5579
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD55410_2_00AD5541
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAD5450_2_00AAD545
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9155F0_2_00A9155F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A856B30_2_00A856B3
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8E6B40_2_00A8E6B4
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0E6870_2_00A0E687
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6968A0_2_00A6968A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A406F00_2_00A406F0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD66FA0_2_00AD66FA
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB36C50_2_00AB36C5
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB66C50_2_00AB66C5
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A246D00_2_00A246D0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC86D40_2_00AC86D4
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6B62D0_2_00A6B62D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1E6300_2_00A1E630
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA86340_2_00AA8634
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACE6070_2_00ACE607
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABD6070_2_00ABD607
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0F60D0_2_00A0F60D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1961B0_2_00A1961B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A846650_2_00A84665
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6767E0_2_00A6767E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABB64B0_2_00ABB64B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC16470_2_00AC1647
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A386500_2_00A38650
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9E7AB0_2_00A9E7AB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A957AA0_2_00A957AA
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB97A70_2_00AB97A7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACA7A20_2_00ACA7A2
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A767B90_2_00A767B9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A097800_2_00A09780
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6079C0_2_00A6079C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00B2A78C0_2_00B2A78C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A997EF0_2_00A997EF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7E7F70_2_00A7E7F7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A157C00_2_00A157C0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A777C00_2_00A777C0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A737CA0_2_00A737CA
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA47D20_2_00AA47D2
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7B7360_2_00A7B736
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A297390_2_00A29739
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD57330_2_00AD5733
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6F7150_2_00A6F715
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA67190_2_00AA6719
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD47190_2_00AD4719
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A877710_2_00A87771
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A277400_2_00A27740
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A127500_2_00A12750
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1C8A00_2_00A1C8A0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA08AF0_2_00AA08AF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A388B00_2_00A388B0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A818890_2_00A81889
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABF8980_2_00ABF898
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A848EB0_2_00A848EB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1B8F60_2_00A1B8F6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A038C00_2_00A038C0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A668C00_2_00A668C0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A828CF0_2_00A828CF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC58C30_2_00AC58C3
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A338D00_2_00A338D0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A948DF0_2_00A948DF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A748DE0_2_00A748DE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A708DB0_2_00A708DB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A838200_2_00A83820
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0D83C0_2_00A0D83C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BCB8190_2_00BCB819
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8581E0_2_00A8581E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6D86C0_2_00A6D86C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB787F0_2_00AB787F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9C8720_2_00A9C872
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0C8400_2_00A0C840
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00B5385C0_2_00B5385C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7D84B0_2_00A7D84B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8E8540_2_00A8E854
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC29A00_2_00AC29A0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A839B00_2_00A839B0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A239B90_2_00A239B9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD59890_2_00AD5989
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A409E00_2_00A409E0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2C9EB0_2_00A2C9EB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAF9E60_2_00AAF9E6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6C9DE0_2_00A6C9DE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9193C0_2_00A9193C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9B9360_2_00A9B936
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A059000_2_00A05900
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACA90F0_2_00ACA90F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9290C0_2_00A9290C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD89020_2_00AD8902
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A269100_2_00A26910
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9F9150_2_00A9F915
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1E9600_2_00A1E960
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BC196D0_2_00BC196D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC697F0_2_00AC697F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9895B0_2_00A9895B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD29580_2_00AD2958
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC1AAC0_2_00AC1AAC
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD2AAF0_2_00AD2AAF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6BAAB0_2_00A6BAAB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A91AB90_2_00A91AB9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00B97AA50_2_00B97AA5
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC0AB00_2_00AC0AB0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A28ABC0_2_00A28ABC
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A39A800_2_00A39A80
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACFA800_2_00ACFA80
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A62A930_2_00A62A93
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABBA930_2_00ABBA93
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A84AE40_2_00A84AE4
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A98AC50_2_00A98AC5
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD1AC00_2_00AD1AC0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A19AD00_2_00A19AD0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3FA200_2_00A3FA20
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABDA320_2_00ABDA32
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD3A340_2_00AD3A34
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A89A340_2_00A89A34
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A79A060_2_00A79A06
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A72A050_2_00A72A05
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A68A0A0_2_00A68A0A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A63A100_2_00A63A10
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC5A120_2_00AC5A12
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB3A6B0_2_00AB3A6B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACEA630_2_00ACEA63
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A88A700_2_00A88A70
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3CA400_2_00A3CA40
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A77A400_2_00A77A40
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABEA430_2_00ABEA43
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A35A4F0_2_00A35A4F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3DA4D0_2_00A3DA4D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8FA5A0_2_00A8FA5A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8CA530_2_00A8CA53
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A04BA00_2_00A04BA0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A65BAF0_2_00A65BAF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AABBBB0_2_00AABBBB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACBBB20_2_00ACBBB2
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1EB800_2_00A1EB80
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AACB9B0_2_00AACB9B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8EB950_2_00A8EB95
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD6BF30_2_00AD6BF3
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A90BF60_2_00A90BF6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A93BD30_2_00A93BD3
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA8B280_2_00AA8B28
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A92B210_2_00A92B21
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB9B300_2_00AB9B30
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A18B120_2_00A18B12
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3FB100_2_00A3FB10
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAAB680_2_00AAAB68
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0AB400_2_00A0AB40
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB0B480_2_00AB0B48
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD4B500_2_00AD4B50
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A14CA00_2_00A14CA0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00B7BCBB0_2_00B7BCBB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7EC880_2_00A7EC88
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00C50CF90_2_00C50CF9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD0CE70_2_00AD0CE7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A31CF00_2_00A31CF0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9CCD90_2_00A9CCD9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD8C230_2_00AD8C23
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB7C390_2_00AB7C39
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA0C3F0_2_00AA0C3F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A85C020_2_00A85C02
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6AC0B0_2_00A6AC0B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A33C100_2_00A33C10
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A74C1B0_2_00A74C1B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A76C660_2_00A76C66
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00B21C7C0_2_00B21C7C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACCC710_2_00ACCC71
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAFC490_2_00AAFC49
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A73C4E0_2_00A73C4E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6FC520_2_00A6FC52
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A37DA90_2_00A37DA9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A86D8C0_2_00A86D8C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB2D810_2_00AB2D81
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A68D920_2_00A68D92
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABADEA0_2_00ABADEA
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC3DEE0_2_00AC3DEE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB5DE10_2_00AB5DE1
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8FDE60_2_00A8FDE6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3CDF00_2_00A3CDF0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC5DF90_2_00AC5DF9
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB3DF70_2_00AB3DF7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8DDF60_2_00A8DDF6
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A77DCB0_2_00A77DCB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A88DDB0_2_00A88DDB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA2DDC0_2_00AA2DDC
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAADDD0_2_00AAADDD
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD2DD70_2_00AD2DD7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9DDD70_2_00A9DDD7
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A40D200_2_00A40D20
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A11D2B0_2_00A11D2B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8AD230_2_00A8AD23
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A26D2E0_2_00A26D2E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD5D200_2_00AD5D20
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A39D300_2_00A39D30
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7AD3E0_2_00A7AD3E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A21D000_2_00A21D00
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A66D040_2_00A66D04
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA1D6F0_2_00AA1D6F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9BD660_2_00A9BD66
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3FD700_2_00A3FD70
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A99D4D0_2_00A99D4D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA7D4E0_2_00AA7D4E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AADD400_2_00AADD40
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2CD4C0_2_00A2CD4C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC6D5F0_2_00AC6D5F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2CD5E0_2_00A2CD5E
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A38EA00_2_00A38EA0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A02EB00_2_00A02EB0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABEEBB0_2_00ABEEBB
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1AEB00_2_00A1AEB0
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8CE810_2_00A8CE81
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA9E920_2_00AA9E92
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC0E960_2_00AC0E96
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACDE930_2_00ACDE93
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A96EED0_2_00A96EED
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACBEE10_2_00ACBEE1
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A89E2B0_2_00A89E2B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB6E3A0_2_00AB6E3A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACFE350_2_00ACFE35
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A3FE000_2_00A3FE00
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BC4E1F0_2_00BC4E1F
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD7E060_2_00AD7E06
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A61E0A0_2_00A61E0A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A9AE190_2_00A9AE19
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD3E190_2_00AD3E19
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AD1E1B0_2_00AD1E1B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A81E130_2_00A81E13
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2EE630_2_00A2EE63
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6BE640_2_00A6BE64
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA5E6C0_2_00AA5E6C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6CE610_2_00A6CE61
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A20E6C0_2_00A20E6C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A22E6D0_2_00A22E6D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC1E7C0_2_00AC1E7C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A2FE740_2_00A2FE74
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A76E470_2_00A76E47
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A0CE450_2_00A0CE45
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AC7E5B0_2_00AC7E5B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A91E520_2_00A91E52
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB8FAF0_2_00AB8FAF
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A98F890_2_00A98F89
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8BF8A0_2_00A8BF8A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A60F820_2_00A60F82
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AB0F800_2_00AB0F80
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A72F940_2_00A72F94
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A83F9C0_2_00A83F9C
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A8EF900_2_00A8EF90
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A94F900_2_00A94F90
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ABBFEA0_2_00ABBFEA
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A6BFEE0_2_00A6BFEE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00ACAFFE0_2_00ACAFFE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BBDF180_2_00BBDF18
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA3F090_2_00AA3F09
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A79F010_2_00A79F01
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA0F1A0_2_00AA0F1A
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A25F1B0_2_00A25F1B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AACF100_2_00AACF10
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AAAF6B0_2_00AAAF6B
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00BB8F620_2_00BB8F62
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A7BF4D0_2_00A7BF4D
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A1DF500_2_00A1DF50
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A16F520_2_00A16F52
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00A92F520_2_00A92F52
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeCode function: 0_2_00AA6F550_2_00AA6F55
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Code function: String function: 00A14C90 appears 77 times
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Code function: String function: 00A07F60 appears 40 times
    Source: QBzLk3iR7m.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: QBzLk3iR7m.exe Static PE information: Section: ZLIB complexity 0.9994000204248366
    Source: QBzLk3iR7m.exe Static PE information: Section: saftecpn ZLIB complexity 0.9948329161685595
    Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Code function: 0_2_00A32070 CoCreateInstance
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: QBzLk3iR7m.exe Virustotal: Detection: 56%
    Source: QBzLk3iR7m.exe ReversingLabs: Detection: 68%
    Source: QBzLk3iR7m.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe File read: C:\Users\user\Desktop\QBzLk3iR7m.exe
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: webio.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Section loaded: dpapi.dll
    Source: QBzLk3iR7m.exe Static file information: File size 1885184 > 1048576
    Source: QBzLk3iR7m.exe Static PE information: Raw size of saftecpn is bigger than: 0x100000 < 0x1a2400

    Data Obfuscation

    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Unpacked PE file: 0.2.QBzLk3iR7m.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;saftecpn:EW;nvdqpret:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;saftecpn:EW;nvdqpret:EW;.taggant:EW;
    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
    Source: QBzLk3iR7m.exe Static PE information: real checksum: 0x1d36fc should be: 0x1d2a41
    Source: QBzLk3iR7m.exe Static PE information: section name:
    Source: QBzLk3iR7m.exe Static PE information: section name: .idata
    Source: QBzLk3iR7m.exe Static PE information: section name:
    Source: QBzLk3iR7m.exe Static PE information: section name: saftecpn
    Source: QBzLk3iR7m.exe Static PE information: section name: nvdqpret
    Source: QBzLk3iR7m.exe Static PE information: section name: .taggant
    Source: QBzLk3iR7m.exe Static PE information: section name: entropy: 7.9760706674050725
    Source: QBzLk3iR7m.exe Static PE information: section name: saftecpn entropy: 7.953772678224057

    Boot Survival

    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Window searched: window name: RegmonClass
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe Window searched: window name: Regmonclass

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C097D0 second address: C097D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0AC3E second address: C0AC42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0AC42 second address: C0AC48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0AC48 second address: C0ACD1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 je 00007F4358C6F756h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F4358C6F758h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b jmp 00007F4358C6F766h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F4358C6F758h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c jmp 00007F4358C6F75Ch 0x00000051 push eax 0x00000052 pushad 0x00000053 jmp 00007F4358C6F761h 0x00000058 push eax 0x00000059 push edx 0x0000005a push edi 0x0000005b pop edi 0x0000005c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0EF68 second address: C0EFF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358B2E948h 0x00000009 popad 0x0000000a push eax 0x0000000b push edi 0x0000000c pushad 0x0000000d jmp 00007F4358B2E93Ah 0x00000012 jnp 00007F4358B2E936h 0x00000018 popad 0x00000019 pop edi 0x0000001a nop 0x0000001b sub di, 5B80h 0x00000020 xor dword ptr [ebp+122D1CD6h], ebx 0x00000026 push dword ptr fs:[00000000h] 0x0000002d mov dword ptr [ebp+1244F4BAh], eax 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a xor dword ptr [ebp+124517E4h], eax 0x00000040 mov eax, dword ptr [ebp+122D0171h] 0x00000046 call 00007F4358B2E93Eh 0x0000004b mov ebx, 571ADCBAh 0x00000050 pop edi 0x00000051 push FFFFFFFFh 0x00000053 mov ebx, dword ptr [ebp+122D369Eh] 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jnc 00007F4358B2E93Ch 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C11136 second address: C1113C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C11233 second address: C11237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C11237 second address: C11251 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358C6F766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C12F72 second address: C12F92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358B2E949h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C12F92 second address: C12FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 call 00007F4358C6F75Fh 0x0000000e mov bl, 4Fh 0x00000010 pop edi 0x00000011 push 00000000h 0x00000013 mov ebx, 4DD40D89h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F4358C6F758h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C12219 second address: C1221D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C12FDB second address: C12FEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358C6F75Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1221D second address: C12221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C13F1B second address: C13F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jg 00007F4358C6F75Bh 0x0000000e movsx ebx, ax 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F4358C6F758h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d sub bx, BEE9h 0x00000032 and di, A762h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ecx 0x0000003c call 00007F4358C6F758h 0x00000041 pop ecx 0x00000042 mov dword ptr [esp+04h], ecx 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc ecx 0x0000004f push ecx 0x00000050 ret 0x00000051 pop ecx 0x00000052 ret 0x00000053 push edi 0x00000054 mov ebx, dword ptr [ebp+122D28F3h] 0x0000005a pop edi 0x0000005b xchg eax, esi 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C13154 second address: C13166 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4358B2E936h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F4358B2E936h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C13F88 second address: C13F8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C14100 second address: C14127 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4358B2E94Dh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C14127 second address: C1412B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C15F85 second address: C15F89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C15F89 second address: C15FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F4358C6F75Fh 0x00000010 popad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1BEC2 second address: C1BEC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C19F87 second address: C19FA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4358C6F767h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1BEC8 second address: C1BECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1B0B8 second address: C1B0BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C17F7A second address: C17F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F4358B2E93Ch 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C16F6C second address: C16F71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C17F8F second address: C17F95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1B0BF second address: C1B0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1A053 second address: C1A059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C16F71 second address: C16F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4358C6F756h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jnp 00007F4358C6F75Eh 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1A059 second address: C1A05E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C1C09F second address: C1C0D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a jmp 00007F4358C6F760h 0x0000000f pop esi 0x00000010 pushad 0x00000011 jmp 00007F4358C6F768h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BB89FC second address: BB8A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BB8A01 second address: BB8A1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358C6F760h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BB8A1D second address: BB8A3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4358B2E948h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BB8A3E second address: BB8A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358C6F762h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBA4B6 second address: BBA4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBA4BA second address: BBA4BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBA4BE second address: BBA4CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F4358B2E936h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBA4CC second address: BBA4D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F4358C6F756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBA4D8 second address: BBA4DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBA4DD second address: BBA4FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358C6F763h 0x00000009 ja 00007F4358C6F756h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C29E19 second address: C29E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F4358B2E938h 0x0000000e pushad 0x0000000f popad 0x00000010 je 00007F4358B2E93Ch 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C29E35 second address: C29E41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jp 00007F4358C6F756h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C29E41 second address: C29E4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C2A13B second address: C2A142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C2A142 second address: C2A148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C2A148 second address: C2A162 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358C6F75Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jno 00007F4358C6F756h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C2A162 second address: C2A177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C2A177 second address: C2A181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4358C6F756h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C2D9BE second address: C2D9C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C30BA7 second address: C30BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C30BAB second address: C30BAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C30BAF second address: C30BDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4358C6F760h 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4358C6F763h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C376DC second address: C376F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358B2E93Bh 0x00000007 jl 00007F4358B2E936h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36303 second address: C36309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36A59 second address: C36A66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007F4358B2E936h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36A66 second address: C36A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4358C6F756h 0x0000000a jmp 00007F4358C6F768h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36A8A second address: C36A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36A96 second address: C36A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36A9A second address: C36A9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C36EAB second address: C36EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4358C6F756h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F4358C6F756h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C37039 second address: C3703F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C37198 second address: C3719E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C3719E second address: C371A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C371A2 second address: C371B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4358C6F75Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C371B9 second address: C371BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C371BD second address: C371C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C371C1 second address: C371C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C371C7 second address: C371DF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4358C6F758h 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b jnl 00007F4358C6F756h 0x00000011 pop edx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C371DF second address: C37212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 push edx 0x00000008 jmp 00007F4358B2E949h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pushad 0x00000011 jmp 00007F4358B2E93Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C373DA second address: C373E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C373E2 second address: C373E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: BBF55A second address: BBF560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C3BA1E second address: C3BA23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C45495 second address: C4549B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C4549B second address: C454C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F4358B2E94Ah 0x0000000c jmp 00007F4358B2E93Eh 0x00000011 jns 00007F4358B2E936h 0x00000017 popad 0x00000018 push eax 0x00000019 push edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0BD59 second address: C0BD66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0BD66 second address: C0BD6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0BD6C second address: C0BD70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0BD70 second address: C0BD74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0BD74 second address: BEA911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F4358C6F760h 0x0000000e lea eax, dword ptr [ebp+12486B10h] 0x00000014 jc 00007F4358C6F75Ah 0x0000001a mov di, BE72h 0x0000001e push eax 0x0000001f push ebx 0x00000020 push edi 0x00000021 jbe 00007F4358C6F756h 0x00000027 pop edi 0x00000028 pop ebx 0x00000029 mov dword ptr [esp], eax 0x0000002c xor dword ptr [ebp+12450DE7h], edi 0x00000032 call dword ptr [ebp+122D2808h] 0x00000038 jmp 00007F4358C6F764h 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0C32C second address: C0C331 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0C490 second address: C0C4B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F4358C6F761h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4358C6F75Ch 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C0C4B8 second address: C0C4BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C79C5D second address: C79C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C79C63 second address: C79C8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jg 00007F4358B2E936h 0x00000016 jbe 00007F4358B2E936h 0x0000001c popad 0x0000001d pushad 0x0000001e jc 00007F4358B2E936h 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C825E5 second address: C825F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F4358C6F75Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C8273E second address: C82762 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358B2E942h 0x00000007 jmp 00007F4358B2E93Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C82762 second address: C82774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358C6F75Dh 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C82774 second address: C8277C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C8277C second address: C8278E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4358C6F756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F4358C6F756h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C8278E second address: C82792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C828B6 second address: C828BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C838D3 second address: C838E5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4358B2E938h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C838E5 second address: C83902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358C6F769h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C83902 second address: C83908 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C83908 second address: C83918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4358C6F75Ah 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C83918 second address: C8391D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C8922B second address: C89239 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F4358C6F75Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C89239 second address: C8923F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C8923F second address: C89244 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C893BF second address: C893C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C99EFC second address: C99F07 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C99AF8 second address: C99AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C9F54F second address: C9F553 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C9F689 second address: C9F695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4358B2E936h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CA4663 second address: CA466C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CAC41E second address: CAC43C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4358B2E946h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CAC28A second address: CAC290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CAC290 second address: CAC296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CAC296 second address: CAC2AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F4358C6F756h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F4358C6F756h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CAF3B9 second address: CAF3C4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB4A2D second address: CB4A3B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4358C6F756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB4A3B second address: CB4A56 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4358B2E936h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jng 00007F4358B2E93Ch 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB4A56 second address: CB4A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB4A63 second address: CB4A6D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB4A6D second address: CB4A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4358C6F756h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB4ECB second address: CB4EDA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jg 00007F4358B2E936h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB5035 second address: CB5040 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007F4358C6F756h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CB830A second address: CB8314 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4358B2E93Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CBD165 second address: CBD16C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CBD16C second address: CBD174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CC4983 second address: CC49A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358C6F769h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CC49A0 second address: CC49DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358B2E945h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F4358B2E948h 0x0000000f jnl 00007F4358B2E936h 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CC49DD second address: CC49E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4358C6F756h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CCCBAC second address: CCCBB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CCCBB2 second address: CCCBD3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F4358C6F764h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CCCBD3 second address: CCCBF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358B2E949h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CCCBF0 second address: CCCBFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CCCBFB second address: CCCC01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CD89AF second address: CD89CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 jmp 00007F4358C6F767h 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF02A2 second address: CF02D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F4358B2E942h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4358B2E944h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF02D2 second address: CF02FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F4358C6F766h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4358C6F75Fh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF02FF second address: CF0310 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4358B2E936h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF04A7 second address: CF04B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jg 00007F4358C6F756h 0x0000000c pop esi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF061E second address: CF0641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4358B2E947h 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F4358B2E936h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF0641 second address: CF064B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4358C6F756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF0798 second address: CF079D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF079D second address: CF07B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4358C6F75Fh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF07B0 second address: CF07B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF4FB6 second address: CF4FCB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F4358C6F758h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 push ecx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF5254 second address: CF525F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4358B2E936h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: CF67F3 second address: CF681C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4358C6F760h 0x00000007 js 00007F4358C6F76Bh 0x0000000d jmp 00007F4358C6F75Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exeRDTSC instruction interceptor: First address: C05DEA second address: C05DF0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Special instruction interceptor: First address: A5618A instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Special instruction interceptor: First address: A589F0 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Special instruction interceptor: First address: C91921 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Code function: 0_2_00A5D488 rdtsc 0_2_00A5D488
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe TID: 3300 | Thread sleep time: -90000s >= -30000s
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe TID: 3736 | Thread sleep time: -30000s >= -30000s
    Source: QBzLk3iR7m.exe, QBzLk3iR7m.exe, 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: QBzLk3iR7m.exe, 00000000.00000003.1789066547.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000002.1790155239.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000002.1789948521.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: QBzLk3iR7m.exe, 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | System information queried: ModuleInformation
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | File opened: NTICE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | File opened: SICE
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | File opened: SIWVID
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Code function: 0_2_00A5D488 rdtsc 0_2_00A5D488
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Code function: 0_2_00A3E110 LdrInitializeThunk,0_2_00A3E110

    HIPS / PFW / Operating System Protection Evasion

    Source: QBzLk3iR7m.exe | String found in binary or memory: bashfulacid.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: curverpluch.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: tentabatte.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: shapestickyr.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: talkynicer.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: slipperyloo.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: manyrestro.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: observerfry.lat
    Source: QBzLk3iR7m.exe | String found in binary or memory: wordyfindy.lat
    Source: QBzLk3iR7m.exe, QBzLk3iR7m.exe, 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: fProgram Manager
    Source: C:\Users\user\Desktop\QBzLk3iR7m.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    Source | Detection | Scanner | Label | Link
    QBzLk3iR7m.exe | 57% | Virustotal | | Browse
    QBzLk3iR7m.exe | 68% | ReversingLabs | Win32.Trojan.Generic |
    QBzLk3iR7m.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
    QBzLk3iR7m.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://manyrestro.lat:443/api | 100% | Avira URL Cloud | malware |
    https://tentabatte.lat:443/api | 100% | Avira URL Cloud | malware |
    https://talkynicer.lat:443/apibg | 100% | Avira URL Cloud | malware |
    https://bashfulacid.lat:443/api | 100% | Avira URL Cloud | malware |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    steamcommunity.com | 104.102.49.254 | true | false | | high
    wordyfindy.lat | unknown | unknown | false | | high
    slipperyloo.lat | unknown | unknown | false | | high
    curverpluch.lat | unknown | unknown | false | | high
    tentabatte.lat | unknown | unknown | false | | high
    manyrestro.lat | unknown | unknown | false | | high
    bashfulacid.lat | unknown | unknown | false | | high
    shapestickyr.lat | unknown | unknown | false | | high
    observerfry.lat | unknown | unknown | false | | high
    talkynicer.lat | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    curverpluch.lat | false | | high
    slipperyloo.lat | false | | high
    tentabatte.lat | false | | high
    manyrestro.lat | false | | high
    bashfulacid.lat | false | | high
    observerfry.lat | false | | high
    https://steamcommunity.com/profiles/76561199724331900 | false | | high
    wordyfindy.lat | false | | high
    shapestickyr.lat | false | | high
    talkynicer.lat | false | | high
                                                                  high
                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgQBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://recaptcha.net/recaptcha/;QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.valvesoftware.com/legal.htmQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://steamcommunity.com/discussions/QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.youtube.comQBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.google.comQBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://store.steampowered.com/stats/QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://medal.tvQBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://broadcast.st.dl.eccdnx.comQBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://store.steampowered.com/steam_refunds/QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://manyrestro.lat:443/apiQBzLk3iR7m.exe, 00000000.00000002.1790082132.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: malware
                                                                                              unknown
                                                                                              https://bashfulacid.lat:443/apiQBzLk3iR7m.exe, 00000000.00000002.1790082132.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: malware
                                                                                              unknown
                                                                                              https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackQBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aQBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/QBzLk3iR7m.exe, 00000000.00000002.1790155239.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.0000000001516000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://steamcommunity.com:443/profiles/76561199724331900$gJQBzLk3iR7m.exe, 00000000.00000002.1790082132.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://s.ytimg.com;QBzLk3iR7m.exe, 00000000.00000002.1790155239.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.0000000001516000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRiQBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://steamcommunity.com/workshop/QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://login.steampowered.com/QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbQBzLk3iR7m.exe, 00000000.00000003.1789066547.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://store.steampowered.com/legal/QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://community.fastly.steamstatic.com/QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=engliQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://steam.tv/QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://observerfry.lat:443/apiQBzLk3iR7m.exe, 00000000.00000002.1790082132.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://steamcommunity.com/lQBzLk3iR7m.exe, 00000000.00000002.1789948521.000000000147E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://tentabatte.lat:443/apiQBzLk3iR7m.exe, 00000000.00000002.1790082132.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                unknown
                                                                                                                                                https://steamcommunity.com/qQBzLk3iR7m.exe, 00000000.00000002.1790239951.0000000001516000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1789066547.0000000001516000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.0000000001516000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://talkynicer.lat:443/apibgQBzLk3iR7m.exe, 00000000.00000002.1790082132.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                  unknown
                                                                                                                                                  http://store.steampowered.com/privacy_agreement/QBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/points/shop/QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://recaptcha.netQBzLk3iR7m.exe, 00000000.00000002.1790155239.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.0000000001516000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://store.steampowered.com/QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.comQBzLk3iR7m.exe, 00000000.00000003.1788934316.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://sketchfab.comQBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://lv.queniujq.cnQBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.youtube.com/QBzLk3iR7m.exe, 00000000.00000002.1790155239.0000000001504000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788934316.0000000001516000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://127.0.0.1:27060QBzLk3iR7m.exe, 00000000.00000003.1789158298.000000000150E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/privacy_agreement/QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQQBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001555000.00000004.00000020.00020000.00000000.sdmp, QBzLk3iR7m.exe, 00000000.00000003.1788892648.0000000001550000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                      Analysis ID:1580928
                                                                                                                                                                                                      Start date and time:2024-12-26 13:16:06 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 3m 1s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Number of analysed new started processes analysed:1
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:QBzLk3iR7m.exe
                                                                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                                                                      Original Sample Name:4861b5b451b9b47a69184f6b220de01c.exe
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal100.troj.evad.winEXE@1/0@10/1
                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      HCA Information:Failed
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                      • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
07:17:04 | API Interceptor | 8x Sleep call for process: QBzLk3iR7m.exe modified
                                                                                                                                                                                                      No context
                                                                                                                                                                                                      No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.948674835536927
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: QBzLk3iR7m.exe
File size: 1'885'184 bytes
MD5: 4861b5b451b9b47a69184f6b220de01c
SHA1: 593ff62d3b33c9763c1953cabfec02a0942124db
SHA256: 4ef6a31cebbf51e7f0a29cf39edaa3513c363f289dafde0ba1ccf34be46edd71
SHA512: 06f823e7bd45c575c380b1c120c133267533709463340f818612eea9c258bfa0c0fac947fff9a084c53f6da68815a90a92c2eeb22d4b33d43e29ad6438cb6c5c
SSDEEP: 49152:dvAcZeKoRvudPWrBsaRQSPobt0/DMyHm4u:dvAc+Ud1aRn+yrTGX
TLSH: 2F9533E31CA64DD6F12D413760B2F80A66316C8ABC51847FAF1BE5212C2655EF3ED2B4
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig.............................`J...........@...........................J......6....@.................................Y@..m..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x8a6000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                      Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x52000 | 0x26400 | 97f99952db38fd71acea5e4fb4a7188d | False | 0.9994000204248366 | data | 7.9760706674050725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x55000 | 0x2ad000 | 0x200 | a58103118dd0237fbef59439525e2a78 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
saftecpn | 0x302000 | 0x1a3000 | 0x1a2400 | b9c40caadb3fe9246d0a27fa23450d41 | False | 0.9948329161685595 | data | 7.953772678224057 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nvdqpret | 0x4a5000 | 0x1000 | 0x400 | d56d093fb986ab77ee460f5801792b61 | False | 0.7197265625 | data | 5.772838102248057 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x4a6000 | 0x3000 | 0x2200 | 7cdd5c53762ebd0a54867140acb16e1a | False | 0.0642233455882353 | DOS executable (COM) | 0.7709664145491172 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
DLL | Import
kernel32.dll | lstrcpy
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-26T13:17:05.516637+0100 | 2058514 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) | 1 | 192.168.2.4 | 54735 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:05.657923+0100 | 2058502 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) | 1 | 192.168.2.4 | 60660 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:05.801107+0100 | 2058492 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) | 1 | 192.168.2.4 | 58162 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:05.944451+0100 | 2058500 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) | 1 | 192.168.2.4 | 61638 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:06.086509+0100 | 2058510 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) | 1 | 192.168.2.4 | 59087 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:06.231356+0100 | 2058484 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) | 1 | 192.168.2.4 | 64356 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:06.372489+0100 | 2058512 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) | 1 | 192.168.2.4 | 59233 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:06.517447+0100 | 2058480 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) | 1 | 192.168.2.4 | 58408 | 1.1.1.1 | 53 | UDP
2024-12-26T13:17:08.285120+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP
2024-12-26T13:17:09.128085+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 26, 2024 13:17:05.376143932 CET | 192.168.2.4 | 1.1.1.1 | 0x3bab | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.516637087 CET | 192.168.2.4 | 1.1.1.1 | 0x90fe | Standard query (0) | wordyfindy.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.657922983 CET | 192.168.2.4 | 1.1.1.1 | 0xa4c3 | Standard query (0) | slipperyloo.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.801106930 CET | 192.168.2.4 | 1.1.1.1 | 0x3838 | Standard query (0) | manyrestro.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.944451094 CET | 192.168.2.4 | 1.1.1.1 | 0x7a76 | Standard query (0) | shapestickyr.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.086508989 CET | 192.168.2.4 | 1.1.1.1 | 0xc9cd | Standard query (0) | talkynicer.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.231355906 CET | 192.168.2.4 | 1.1.1.1 | 0x5eb7 | Standard query (0) | curverpluch.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.372488976 CET | 192.168.2.4 | 1.1.1.1 | 0xc290 | Standard query (0) | tentabatte.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.517446995 CET | 192.168.2.4 | 1.1.1.1 | 0x4745 | Standard query (0) | bashfulacid.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.657855034 CET | 192.168.2.4 | 1.1.1.1 | 0xe4ba | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 26, 2024 13:17:05.513025999 CET | 1.1.1.1 | 192.168.2.4 | 0x3bab | Name error (3) | observerfry.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.654198885 CET | 1.1.1.1 | 192.168.2.4 | 0x90fe | Name error (3) | wordyfindy.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.795737982 CET | 1.1.1.1 | 192.168.2.4 | 0xa4c3 | Name error (3) | slipperyloo.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:05.941358089 CET | 1.1.1.1 | 192.168.2.4 | 0x3838 | Name error (3) | manyrestro.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.082576990 CET | 1.1.1.1 | 192.168.2.4 | 0x7a76 | Name error (3) | shapestickyr.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.224522114 CET | 1.1.1.1 | 192.168.2.4 | 0xc9cd | Name error (3) | talkynicer.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.369237900 CET | 1.1.1.1 | 192.168.2.4 | 0x5eb7 | Name error (3) | curverpluch.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.512010098 CET | 1.1.1.1 | 192.168.2.4 | 0xc290 | Name error (3) | tentabatte.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.654545069 CET | 1.1.1.1 | 192.168.2.4 | 0x4745 | Name error (3) | bashfulacid.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:17:06.796776056 CET | 1.1.1.1 | 192.168.2.4 | 0xe4ba | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                      • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | 6752 | C:\Users\user\Desktop\QBzLk3iR7m.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:17:08 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                      Host: steamcommunity.com
2024-12-26 12:17:09 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 12:17:08 GMT
                                                                                                                                                                                                      Content-Length: 25665
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Set-Cookie: sessionid=75c7ff300415049427db0fc1; Path=/; Secure; SameSite=None
                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:17:09 UTC | 14479 | IN
                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:17:09 UTC | 11186 | IN
                                                                                                                                                                                                      Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>



                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:07:17:02
                                                                                                                                                                                                      Start date:26/12/2024
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\QBzLk3iR7m.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\QBzLk3iR7m.exe"
                                                                                                                                                                                                      Imagebase:0xa00000
                                                                                                                                                                                                      File size:1'885'184 bytes
                                                                                                                                                                                                      MD5 hash:4861B5B451B9B47A69184F6B220DE01C
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:true


                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:0.9%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:24.3%
                                                                                                                                                                                                        Total number of Nodes:70
                                                                                                                                                                                                        Total number of Limit Nodes:4

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                        • API String ID: 0-620192811
                                                                                                                                                                                                        • Opcode ID: ffcb7eef30285cc1d6a43d81346ff79b2870e586ee3416e93dd14879070a6bdb
                                                                                                                                                                                                        • Instruction ID: a8c26981a5b75f3d8f2deb42f20349ecf1eddbe0983ddbaa59b6801cc78a0fab
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffcb7eef30285cc1d6a43d81346ff79b2870e586ee3416e93dd14879070a6bdb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 500275B5610B05CFD324CF25E891BABBBF1FB45314F108A2CE5AA8BAA1D775A405CF50

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 00A08A4B
                                                                                                                                                                                                          • Part of subcall function 00A0B7B0: FreeLibrary.KERNEL32(00A08A31), ref: 00A0B7B6
                                                                                                                                                                                                          • Part of subcall function 00A0B7B0: FreeLibrary.KERNEL32 ref: 00A0B7D7
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                        • String ID: b]u)$}$}
                                                                                                                                                                                                        • API String ID: 1614911148-2900034282

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 182 a3e110-a3e142 LdrInitializeThunk
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LdrInitializeThunk.NTDLL(00A4148A,?,00000018,?,?,00000018,?,?,?), ref: 00A3E13E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 184 a41720-a41741 185 a41750-a4176b 184->185 185->185 186 a4176d-a41779 185->186 187 a417e0-a417e5 186->187 188 a4177b-a41785 186->188 189 a41879-a4187b 187->189 190 a417eb-a417ff 187->190 191 a41790-a41797 188->191 192 a4188d-a41894 189->192 193 a4187d-a41884 189->193 194 a41800-a4181b 190->194 195 a417ad-a417b5 191->195 196 a41799-a417a7 191->196 198 a41886 193->198 199 a4188a 193->199 194->194 200 a4181d-a41828 194->200 195->187 197 a417b7-a417d8 call a3e110 195->197 196->191 201 a417a9-a417ab 196->201 206 a417dd 197->206 198->199 199->192 203 a41871-a41873 200->203 204 a4182a-a41832 200->204 201->187 203->189 205 a41875 203->205 207 a41840-a41847 204->207 205->189 206->187 208 a41850-a41856 207->208 209 a41849-a4184c 207->209 208->203 211 a41858-a4186e call a3e110 208->211 209->207 210 a4184e 209->210 210->203 211->203
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: =<32
                                                                                                                                                                                                        • API String ID: 2994545307-852023076
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 136 a09d1e-a09d34 137 a09d40-a09d52 136->137 137->137 138 a09d54-a09d7e 137->138 139 a09d80-a09d92 138->139 139->139 140 a09d94-a09e13 LoadLibraryExW call a3d960 139->140 143 a09e20-a09e32 140->143 143->143 144 a09e34-a09e5e 143->144 145 a09e60-a09e72 144->145 145->145 146 a09e74-a09e80 LoadLibraryExW call a3d960 145->146 148 a09e85-a09e98 146->148
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000), ref: 00A09D98
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000), ref: 00A09E78
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1029625771-0

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 161 a3e0a0-a3e0b1 162 a3e0f3-a3e0f4 call a3c570 161->162 163 a3e0c0 161->163 164 a3e0c6-a3e0cd 161->164 165 a3e0d4-a3e0e6 call a3f990 RtlReAllocateHeap 161->165 166 a3e0e8-a3e0f1 call a3c540 161->166 172 a3e0f9-a3e0fc 162->172 163->164 164->162 164->165 173 a3e0fe-a3e100 165->173 166->173 172->173
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlReAllocateHeap.NTDLL(?,00000000), ref: 00A3E0E0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279760036-0

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 174 a09eb7-a09ef7 call a3fe00 WSAStartup
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • WSAStartup.WS2_32(00000202,?), ref: 00A09ED2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Startup
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 724789610-0

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 177 a3c570-a3c57c 178 a3c583-a3c584 177->178 179 a3c585-a3c597 call a3f990 RtlFreeHeap 177->179
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,?,00A3E0F9), ref: 00A3C590
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3298025750-0

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 183 a3c55c-a3c568 RtlAllocateHeap
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000), ref: 00A3C561
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                        • Opcode ID: 076d4880e02a492f7238ce00e64728fce7bc8b3da5326bd7e246b090d1e489e4
                                                                                                                                                                                                        • Instruction ID: 6a269902d77fe3d51e2ef7531b9e59f73693a77d72f35c20c9b75d25a1d22ffe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 076d4880e02a492f7238ce00e64728fce7bc8b3da5326bd7e246b090d1e489e4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31A001721842109ADA566B64BC19B84BA21EB59622F124191F101594B6866198929A84
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 00A5A064
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                        • Opcode ID: 1de621efb7f2929d1079ed18f6ebc6800889881e2113c457a1ad0a9b29eaeb91
                                                                                                                                                                                                        • Instruction ID: 8c373766d2a0187deb4e9c23ad4cc4ffc5ab9a9339a38a132929812b9ef9f0cc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1de621efb7f2929d1079ed18f6ebc6800889881e2113c457a1ad0a9b29eaeb91
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62216DB190824ECFDB148F28E4446DE3BF1FF59311F14462ADD02C7B86E2769D28CA49
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 00A5A064
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                        • Opcode ID: 15ae172fc0a5a650b77fe247c5ce5d17624e96b46946f9632f50dd6cf35c15a3
                                                                                                                                                                                                        • Instruction ID: 305d520109846be2736fe3bb2acf209edd137376ee6a4e726b4d5cb1bec194b4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15ae172fc0a5a650b77fe247c5ce5d17624e96b46946f9632f50dd6cf35c15a3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8F0D6B251C604CBD7086F58D8153BDB3F0EF58321F1A061DEA9287780D67518108A5A
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 00A5A174
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                        • Opcode ID: 6f709d10b71e02c92088bebdc3212cd7d818c71af79bd9e2304bb7bd8e6d9a52
                                                                                                                                                                                                        • Instruction ID: f2637a4bfb3bb322b41929defd32dc5640853b34eadfd4b5e474190640f242ce
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f709d10b71e02c92088bebdc3212cd7d818c71af79bd9e2304bb7bd8e6d9a52
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CF058B134C308DFE310AE68DC86BBEBBA4FB04311F06063DDEC987A40E67018849693
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00A243AA
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00A2443E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                        • API String ID: 237503144-1429676654
                                                                                                                                                                                                        • Opcode ID: ecfcd638a6e35a024fb5cc9abb9b41ea4f763e884f00a2f751c2b01361dfbe7a
                                                                                                                                                                                                        • Instruction ID: e82b89ff09c5281f22a734d45bb12c1475e00b2ff16eebaa42084f404c5dbe99
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecfcd638a6e35a024fb5cc9abb9b41ea4f763e884f00a2f751c2b01361dfbe7a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EC20CB560C3948AD334CF58D452B9FBAF2FBC2300F00892DD5E96B255D7B1464A8B9B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                        • API String ID: 0-3233044194
                                                                                                                                                                                                        • Opcode ID: 61fef0ce9de5f4f14183469c296fb648bf5b3e9d1063378e61e577913285220d
                                                                                                                                                                                                        • Instruction ID: 1c2a4d641ee9b12ea2fa18cea487734996f666722b877dcc9c384f8a31cd6c29
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61fef0ce9de5f4f14183469c296fb648bf5b3e9d1063378e61e577913285220d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31C20CB560C3948AD334CF58D442BDFBAF2FB82300F00892DD5E96B255D7B5464A8B9B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                        • API String ID: 0-3233044194
                                                                                                                                                                                                        • Opcode ID: 94df07c9ad4efc2cbe16c5bcde0ba8ad1b9d84713dd99e054c57192523f68e9b
                                                                                                                                                                                                        • Instruction ID: 78473fb8b8e3b1ff7e27489db19f942436599bb9527fa5af06e524f90d5d6cd3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94df07c9ad4efc2cbe16c5bcde0ba8ad1b9d84713dd99e054c57192523f68e9b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AC20BB560C3948AD334CF58D452BDFBAF2FB82300F00892DC5E96B255D7B5464A8B9B
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeString
                                                                                                                                                                                                        • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                        • API String ID: 3341692771-1335595022
                                                                                                                                                                                                        • Opcode ID: e5dc96c997e96b5582d8eec90f1ca61505d88f1094a97e288794fc0e922159b7
                                                                                                                                                                                                        • Instruction ID: ed33cec6fd7f08a75b721ab4f5c066edae99f0f0fdd4952147397403d2f0f43f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5dc96c997e96b5582d8eec90f1ca61505d88f1094a97e288794fc0e922159b7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC220276A183519BD310CF28C881B5BBBE2EFC5314F19892CF5D49B2A1D7B5D845CB82
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                        • API String ID: 0-2746398225
                                                                                                                                                                                                        • Opcode ID: 88d607751ba4673489c78c1517c62f2de54f3f08819ae681cbb9883b969214fb
                                                                                                                                                                                                        • Instruction ID: 3b7c3066e47c74ce3b03dd2afba17d32e58b5ab477c74caef8fe7b15106d0236
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88d607751ba4673489c78c1517c62f2de54f3f08819ae681cbb9883b969214fb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C4225B6A083518FC724CF24D8917ABB7E2BFD6314F19893CD4D98B291DB359846CB42
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(?), ref: 00A0FDFC
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: #$6$=$\$g$m$w$x
                                                                                                                                                                                                        • API String ID: 237503144-139252074
                                                                                                                                                                                                        • Opcode ID: 319826f77404cf722bc56b58c0b2e52352e3abd103802bcf4905e64fd527d73c
                                                                                                                                                                                                        • Instruction ID: f286d1a579c893cfcc0974f04077e95c379fdadb43d2686ad3fbc5ce29e49b04
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 319826f77404cf722bc56b58c0b2e52352e3abd103802bcf4905e64fd527d73c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1729232A1C7908BD324DB38C85539FBAE2ABD5324F198B3DE4E9D73D1D67889418742
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                        • API String ID: 0-4163809010
                                                                                                                                                                                                        • Opcode ID: 0ff1c8e17af7d1959295b0aba568e84b878d99e60d7fe8fb920269a868a0dcda
                                                                                                                                                                                                        • Instruction ID: 70d3c571c1f944872e40e180f6e07f48d0290cc546806d035396b4831979441d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff1c8e17af7d1959295b0aba568e84b878d99e60d7fe8fb920269a868a0dcda
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B52917260C7818BC7249B38C5953EFBBE1AB95320F198A2DE5D9C73C1D6348945CB43
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 'E*"$O@nW$ad_$fZO_$gb'_$Ovw$gd>$iw_
                                                                                                                                                                                                        • API String ID: 0-2519475021
                                                                                                                                                                                                        • Opcode ID: 282d7df5d3a250ccf27076ff29cc883a2e260b6561d6375880fe904e5e1c029a
                                                                                                                                                                                                        • Instruction ID: a3eee6444b2e5be4ecdd0fc3d86bb23b61199b274a3827fa29e7455649acd374
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 282d7df5d3a250ccf27076ff29cc883a2e260b6561d6375880fe904e5e1c029a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DB229F3A0C2049FE7046E2DEC8567AFBE5EF94720F1A463DE6C4C3744EA3598058696
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                        • Opcode ID: c16aa3ef3bae6f64e6d6493869b6b7ba16bac0cf5f608965e091359164ac9fd0
                                                                                                                                                                                                        • Instruction ID: dbc261f0ce7b8436aa4873c0d7448cbbaf0655f32ef1c305e9827905b9b76900
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c16aa3ef3bae6f64e6d6493869b6b7ba16bac0cf5f608965e091359164ac9fd0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F82357550C3518BC724CF28C8917ABB7F1EFCA324F199A6CE8D59B2A5E7348845CB42
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                        • API String ID: 0-3116088196
                                                                                                                                                                                                        • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                        • Instruction ID: e0d185351cf547fb5da30d3c974d033247f3284ec32abed712abb17cb73c8df5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97C1147260C3D54BD322CF69A4A075BFFD19FD6310F084AACE4D51B386D266990ACB92
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: '(1{$9o[M$k+_~$z H$>[
                                                                                                                                                                                                        • API String ID: 0-663927710
                                                                                                                                                                                                        • Opcode ID: 3e5df99fb01eb2d3b3601563d9000d87ea10ff8ccacac8b27c71ce22c74d2596
                                                                                                                                                                                                        • Instruction ID: 78c802948452c4e54d9d973983b047fc7fcd745d0d56b3c9dcf4628fdf183542
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e5df99fb01eb2d3b3601563d9000d87ea10ff8ccacac8b27c71ce22c74d2596
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4AB214F360C2049FE304AE2DEC8567ABBE5EF94320F164A3DE6C4C7744EA3598058697
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00A284BD
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00A285B4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: LF7Y$_^]\
                                                                                                                                                                                                        • API String ID: 237503144-3688711800
                                                                                                                                                                                                        • Opcode ID: 51c8ade52cba3618e5b10f9882b2ac14090d7803926d4294c67104819450ba48
                                                                                                                                                                                                        • Instruction ID: d601ef6fb5fc31e73a16c43614636dafd7c389934f8166a6ae0106bd560638d7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51c8ade52cba3618e5b10f9882b2ac14090d7803926d4294c67104819450ba48
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F22E079909391CFD324CF28E88072FB7E1AFC6310F194A7CE995572A1DB35A942CB52
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00A284BD
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00A285B4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: LF7Y$_^]\
                                                                                                                                                                                                        • API String ID: 237503144-3688711800
                                                                                                                                                                                                        • Opcode ID: 346432479a0e6ab9bba37fc00b8e31e4b9b24e41fb45e0136c502d9e27b25848
                                                                                                                                                                                                        • Instruction ID: f19c1a40573e72b7d302bcfd417a77838f812405f61d77a80c1283be8e632e24
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 346432479a0e6ab9bba37fc00b8e31e4b9b24e41fb45e0136c502d9e27b25848
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6112DF79909391CFD324CF28E88071FBBE1AFC6310F1A4A7CE999572A1D7359942CB52
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: $$3$?$V$X
                                                                                                                                                                                                        • API String ID: 0-2983603742
                                                                                                                                                                                                        • Opcode ID: 22b568997c3adca7c259f250b7b4c7d642f9c7b17d00a6d386697343a2481091
                                                                                                                                                                                                        • Instruction ID: 3e2b4c5b23d3e9168f650d0e08b68a816227bcd6f4a28257974bbe5ec4d02e84
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 22b568997c3adca7c259f250b7b4c7d642f9c7b17d00a6d386697343a2481091
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16E159B3E2146506FBAC0538C9293B5598297A1364F2F837D8F6B6B7C5DCAE0D8943C4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: #a?l$8i.W$\ho?$mo7
                                                                                                                                                                                                        • API String ID: 0-1008505103
                                                                                                                                                                                                        • Opcode ID: ee0ceb17b547047b4ac1e8440f6f66bdcd10c2f249346b76161a12a6de00a096
                                                                                                                                                                                                        • Instruction ID: 59379bae26f80d138818e450ab025c8f5046f0beec128556ffa96310efd6b75a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee0ceb17b547047b4ac1e8440f6f66bdcd10c2f249346b76161a12a6de00a096
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CB208F3A0C2109FE3046E2DEC8567AFBE9EF94320F16493DEAC4D3744EA7558058696
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: !}$0,$JZwc$#_
                                                                                                                                                                                                        • API String ID: 0-3720673193
                                                                                                                                                                                                        • Opcode ID: 496b768919dd8bd756a00659ba6352721a31efd1f8808fb3c5bcf0eba1ec33da
                                                                                                                                                                                                        • Instruction ID: b289a68657ffe7f4a2cec4450e2be68198248d8b7a7125b6b09678cde263f444
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 496b768919dd8bd756a00659ba6352721a31efd1f8808fb3c5bcf0eba1ec33da
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4B2F4B360C204AFE304AF29EC8567AFBE5EF94720F16893DE6C483744EA7558418797
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                        • API String ID: 0-1171452581
                                                                                                                                                                                                        • Opcode ID: 41f458420e4d668479490cf20560157e28f0f2dab1a06394f812abb2b31e980c
                                                                                                                                                                                                        • Instruction ID: 6ec3214c2a28fd05802a70e001fde0ed5d56cb6ef79e4cd1d3e47a6477b7691b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41f458420e4d668479490cf20560157e28f0f2dab1a06394f812abb2b31e980c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B9125B1A08310ABC714DF28D891B6BB7F5EF95314F14853CF9898B291E774E905C752
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                        • API String ID: 0-3257051659
                                                                                                                                                                                                        • Opcode ID: 31af411bb82c8eab3e3b6ec5dc109ba6724fe1ccf7e975c3672c7541acecc89b
                                                                                                                                                                                                        • Instruction ID: 8852ed24aa0a1f4fd68d2b12080a9c6ab8d0c94607106d80d7820185e83b449e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31af411bb82c8eab3e3b6ec5dc109ba6724fe1ccf7e975c3672c7541acecc89b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5A137B6A143508BD314CF28D8517AFB7E2FBC5314F198A3DE495DB391EA3889468782
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 9deZ$eb$sp${s
                                                                                                                                                                                                        • API String ID: 0-3993331145
                                                                                                                                                                                                        • Opcode ID: 94145db609282abba08fe9ec70d783ef19a4b08734a1469800bd698eb78830dc
                                                                                                                                                                                                        • Instruction ID: 10a9db9cb3a8fe4381baa43ed3426d61ec2e08682fd321b3157db20b0523c5c7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94145db609282abba08fe9ec70d783ef19a4b08734a1469800bd698eb78830dc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96D1F7B15183148BC724DF28D89166BB7F2FFE5354F089A2CE5968B3A0E7789904CB52
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00A291DA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: +Ku$wpq
                                                                                                                                                                                                        • API String ID: 237503144-1953850642
                                                                                                                                                                                                        • Opcode ID: e1b63cdf0b9131191ea404c11ea06fd022cdb1799781748460be4d6140859a42
                                                                                                                                                                                                        • Instruction ID: f30955e410322cf2198d7002e65c7f6ce9eea963e2294f4770ee271002d28c90
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1b63cdf0b9131191ea404c11ea06fd022cdb1799781748460be4d6140859a42
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3951BD7220C3528FC324CF69984076FB6E6EBC5710F15892DE4DACB285DB30D50A8B92
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00A29170
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: M/($M/(
                                                                                                                                                                                                        • API String ID: 237503144-1710806632
                                                                                                                                                                                                        • Opcode ID: 81174ce099f84c62b2b407e02ba68f4909b6f15a2d72e430f0c34d97db3d289f
                                                                                                                                                                                                        • Instruction ID: bbe434158c8729974b4bc3775b8372de209a54b8bba72a934e12d1fe170cf757
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81174ce099f84c62b2b407e02ba68f4909b6f15a2d72e430f0c34d97db3d289f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D21237165C3615FE714CE38A88579FF7AAEBC2700F01892CE0D1EB1C5D675880B8752
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: *9}!$gN{s$z3i[
                                                                                                                                                                                                        • API String ID: 0-3437314703
                                                                                                                                                                                                        • Opcode ID: 994946da546d2dc7879f541366f6e701c964c0cf809ed129c586bea4f393e8b1
                                                                                                                                                                                                        • Instruction ID: 768e5ad8a7ab2c38a41fd0fcc968b1c0b04f28715fa3d7426eae327fa00396ef
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 994946da546d2dc7879f541366f6e701c964c0cf809ed129c586bea4f393e8b1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30A217F360C2049FE3046E2DEC8567ABBE9EF94720F1A893DEAC4C7744E67558018697
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: VN$VN$i$i
                                                                                                                                                                                                        • API String ID: 0-1885346908
                                                                                                                                                                                                        • Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                        • Instruction ID: bb99bd3d4666dda0aa556dbee2001111f3d4f72b8cf567158059f0d4ee3108a6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8421C62114C3918BD3058F6990402A7BBE3AFD6718F28466ED4F15B395E637C9094757
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                        • API String ID: 0-3117400391
                                                                                                                                                                                                        • Opcode ID: cdc14fff267f09e18c1402af94f8409afdf1f68ac3ff6e82d89ea27e2596d4a3
                                                                                                                                                                                                        • Instruction ID: e372c7b1cd719892ae3586fdbd18ac1411a839f769c9eec4e35b08956db2d27a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cdc14fff267f09e18c1402af94f8409afdf1f68ac3ff6e82d89ea27e2596d4a3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9C1047950C381DFD704DF28E88166EBBE2AFD6310F188A6CF495472A2D736D946CB12
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: [V$bh
                                                                                                                                                                                                        • API String ID: 0-2174178241
                                                                                                                                                                                                        • Opcode ID: 0bb9e2a372f4adaa7067f0c297cfc1b7191402a6bbdf898bec5eb5f1fa032dea
                                                                                                                                                                                                        • Instruction ID: 32744592bc0609c62c0ed5d377d6b353222f0e58a0d62b264299b730652b5e30
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0bb9e2a372f4adaa7067f0c297cfc1b7191402a6bbdf898bec5eb5f1fa032dea
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B3227B1911721CBCB24CF28C8916F7B7B2FF95310F18825CD8969B394E734A981CB91
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: +i3m$!<
                                                                                                                                                                                                        • API String ID: 0-1284956053
                                                                                                                                                                                                        • Opcode ID: d9328686f01695321c1fba1e82bca2bf06e84fe8365d6a10423905c0f50702c1
                                                                                                                                                                                                        • Instruction ID: 851ede1528f56065ac589cda08cb87c5f8a1da219574c93f7abc7883ac15c644
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9328686f01695321c1fba1e82bca2bf06e84fe8365d6a10423905c0f50702c1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3F1F0F3F142148BF3445E29DD993A6B6D6EB94320F1B823C8E88977C4D97D9D098285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: )$IEND
                                                                                                                                                                                                        • API String ID: 0-707183367
                                                                                                                                                                                                        • Opcode ID: 056afc89a24a979feb9c614be16ae8a9dde38b6c40aa64fddeaee9c863a68f5a
                                                                                                                                                                                                        • Instruction ID: 65a8b959933c27e0a7bb4a883b4da114e937d3b79660b24d435c9efeaf16d8ed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 056afc89a24a979feb9c614be16ae8a9dde38b6c40aa64fddeaee9c863a68f5a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7D18EB19083499FD720CF14E845B5EBBE4BB98304F14492DFA999B3C2D775E908CB92
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: o^$qYo
                                                                                                                                                                                                        • API String ID: 0-675902465
                                                                                                                                                                                                        • Opcode ID: 33e9b4742ecda8219a9f98d8efb8ad01bd1372d911bc3f4956ee5e1e7bd493cc
                                                                                                                                                                                                        • Instruction ID: f7521dc996a913bb5cda9ba972ddedaca87e2d4c145b923eb6eaa836f9a75386
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33e9b4742ecda8219a9f98d8efb8ad01bd1372d911bc3f4956ee5e1e7bd493cc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C89124B3F196244BE3405D3DCD94366B6DAEBC4320F2B863DDA98E77C4E9798C064281
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Fm$V]
                                                                                                                                                                                                        • API String ID: 0-2730126902
                                                                                                                                                                                                        • Opcode ID: 656e9307196533d4fc980c731e9102bb940d29c2c881d7c894b4ac8fd2b4d3cc
                                                                                                                                                                                                        • Instruction ID: bb37e041b7b369e698318ee843cd7b048ff0d722ab959dd8c9503e959278ff91
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 656e9307196533d4fc980c731e9102bb940d29c2c881d7c894b4ac8fd2b4d3cc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B91E1B62557408FD325CF69D880656BFA2EFD631872D869CC0994F766C33AE807CB90
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ]U?
                                                                                                                                                                                                        • API String ID: 0-1446178746
                                                                                                                                                                                                        • Opcode ID: 739b3701436e798c3a3150d83948065228e026ca4c24bb2efafd82db3bf14352
                                                                                                                                                                                                        • Instruction ID: 7e9cb21a5b5ca60e35cacfeb2b84674137046efd7464afc08159ab9b326fd228
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 739b3701436e798c3a3150d83948065228e026ca4c24bb2efafd82db3bf14352
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F0228F390C2109BE3046E2DEC856BABBE5EFD4760F1A463DEAC4C3744EA7558058687
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: jxy7
                                                                                                                                                                                                        • API String ID: 0-1769838115
                                                                                                                                                                                                        • Opcode ID: 472319b326ef072f9400f8cef1fd73049cf02c1b37c6f91c7f8de264946eba90
                                                                                                                                                                                                        • Instruction ID: 8cd843b3b99c28954b21fb62b92f7ed8bd6599036d0b12be9c6b9c09d37c458e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 472319b326ef072f9400f8cef1fd73049cf02c1b37c6f91c7f8de264946eba90
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5702E0F3F152208BF3444A29CC94366B692EBD4720F2B853D9A88AB7C4D97E5C099381
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: iWk
                                                                                                                                                                                                        • API String ID: 0-1136886426
                                                                                                                                                                                                        • Opcode ID: 51dbb9e8567029adbc7779d9d21e7b2ea50be49472684693655f595e136d8205
                                                                                                                                                                                                        • Instruction ID: 11481b0e44f799e28d0cd22342d3e1a389dce5f3755cc442ad55376d0d8af881
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51dbb9e8567029adbc7779d9d21e7b2ea50be49472684693655f595e136d8205
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A602B2F3F112214BF3544938DD98366A693DBD4320F2F82389E98AB7C9D97E5D4A4384
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Iu0
                                                                                                                                                                                                        • API String ID: 0-750749634
                                                                                                                                                                                                        • Opcode ID: 82210cd5997ffe152cc48a4e627d167cdeb6b198b323bf17f1195175a93a4901
                                                                                                                                                                                                        • Instruction ID: 923457bce153f4217e7b32761d54eea983bde6e8ac7e14e79f4f3a319f64a94b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82210cd5997ffe152cc48a4e627d167cdeb6b198b323bf17f1195175a93a4901
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AF1CDF3F142108BF3545E69DC88366BA93EBD4310F2B853C9A889B7C5D9BD580A8785
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ~R{w
                                                                                                                                                                                                        • API String ID: 0-3342251727
                                                                                                                                                                                                        • Opcode ID: 3af14caf27ce7b8100d0bb5872d6ae94936cc2d8d3147e7e6895aac8aefcbced
                                                                                                                                                                                                        • Instruction ID: 96270183d182b4d7cbcfa8c1eda3ecd3ee6f5888efe7cd09dea30fdbb3e348f4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3af14caf27ce7b8100d0bb5872d6ae94936cc2d8d3147e7e6895aac8aefcbced
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63D1BEF3F142144BF3148E29DC98766B696EBD4320F2B823C9E885B7C5E93E5D068285
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(1A11171A), ref: 00A2D2A4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                                                                        • Opcode ID: c013722849618a66eeed658720e434d70b50724e159926c9ecca2b814696aa45
                                                                                                                                                                                                        • Instruction ID: 0aa67f72779cf359b66f5c78476c219ff73ae32b24c3fb660b2a7eb427360bef
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c013722849618a66eeed658720e434d70b50724e159926c9ecca2b814696aa45
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F941E3745043828BE3158F38D9A0BA2BFE1EF57314F28869CE5D64B393D635E846C751
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ><+
                                                                                                                                                                                                        • API String ID: 0-2918635699
                                                                                                                                                                                                        • Opcode ID: 819e830d240cd10520d61454cbcf19c5a8661e921d7f7b3182094e7c9e167e58
                                                                                                                                                                                                        • Instruction ID: 4b1d46ca4e0cfad73ab94da531256d983663aed8ee2a07fcb85a59d04456f5bf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 819e830d240cd10520d61454cbcf19c5a8661e921d7f7b3182094e7c9e167e58
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DC1C2756047418FD725CF2AD490762FBE2BF9A310B2885ADC4DA8B753C735E806CB50
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                        • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                        • Instruction ID: 9ead44a2b7be9eb5f94e82eeee322df686c34348ae38786d33ecfb86b2d88ff3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3CC12A72A143259FD725CF28E49076BB7E5AF85310F19893DE4968B382E734EC44C7A2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: %
                                                                                                                                                                                                        • API String ID: 0-2567322570
                                                                                                                                                                                                        • Opcode ID: 4f57df65f47817bf5320ddc15aeb2cdb55eea91b7f1299ffc9d4e3f4ede90f9d
                                                                                                                                                                                                        • Instruction ID: 391435e88a432d4d5eff04c7dfb7ffe8c1e95b7dc139d67bb8d145625d7c9ea1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f57df65f47817bf5320ddc15aeb2cdb55eea91b7f1299ffc9d4e3f4ede90f9d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69B18FB7F1122547F3940928DC983A27683EBD1325F2F82788E886B7C5ED7E5D4A5384
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: `uOo
                                                                                                                                                                                                        • API String ID: 0-3803491751
                                                                                                                                                                                                        • Opcode ID: 120b2977a75b7a5b6ca4f2b9795e52f3b4a4ead98f7490460fe02d24a3409ee6
                                                                                                                                                                                                        • Instruction ID: 046d800e950a80f6090f192c61a6492b135b9dbc24786e506e2c72362aa49e4e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 120b2977a75b7a5b6ca4f2b9795e52f3b4a4ead98f7490460fe02d24a3409ee6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97A1AAB3F2122547F3844978CC983A26282DBD5320F2F82798E99AB7C5D97E5D4A5384
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 2994545307-3116432788
                                                                                                                                                                                                        • Opcode ID: 2d415cf3cc0571f0153067f81cbf89f4cec69da07b12aa6701cb5ef81fa7af8a
                                                                                                                                                                                                        • Instruction ID: e5060f5c0d703c711ef1c3227e6783f96d78cbdc086066944d6435940c2e06c8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d415cf3cc0571f0153067f81cbf89f4cec69da07b12aa6701cb5ef81fa7af8a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 497139B5A0C3205BD7189F6CEC92B3FB7A1EF82314F18853CE48687292E234DD058352
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: J(e
                                                                                                                                                                                                        • API String ID: 0-1570230357
                                                                                                                                                                                                        • Opcode ID: 95df0f8a9525e7dd7479a7ee754344a14d6ba19017b1c0e8779f4f542dfaa2c1
                                                                                                                                                                                                        • Instruction ID: d182ca829f3ee54382cace6e5e724252517a6bb0c35767f0306d2fa58c644ede
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95df0f8a9525e7dd7479a7ee754344a14d6ba19017b1c0e8779f4f542dfaa2c1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D99147B3F1152547F3988939CD683626583ABD5324F2F82388F596B7C9DC7E5D0A4384
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: x|*H
                                                                                                                                                                                                        • API String ID: 0-3309880273
                                                                                                                                                                                                        • Opcode ID: 2959b78c2bb77008f0b64c94ce443a5993a7bc3f8fe014d50c9d3d8dd94e31ce
                                                                                                                                                                                                        • Instruction ID: 8b57e9bd5b5cc634adfa7c0624cd32cc8079abd347f47a1d85076dbf872359fa
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2959b78c2bb77008f0b64c94ce443a5993a7bc3f8fe014d50c9d3d8dd94e31ce
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B7133706087918FE729CF39D4A0726BBE2AF57314F28C0ADD4D78B796D63998068750
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ]
                                                                                                                                                                                                        • API String ID: 0-3352871620
                                                                                                                                                                                                        • Opcode ID: eb31a650b2f494f0ea540d185f3d3ff63fe0d62a1f31c4ee47642fa225ae59ac
                                                                                                                                                                                                        • Instruction ID: ade6c93aaf2de282e094347871c4a3b8b7c6edaaf392d8a6e40f2827b99ebb70
                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb31a650b2f494f0ea540d185f3d3ff63fe0d62a1f31c4ee47642fa225ae59ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23918BB3F2052547F3984925CD583A26683EBD5320F2F82788F88AB7C5D97E9D0A53C4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: #XNt
                                                                                                                                                                                                        • API String ID: 0-3372119914
                                                                                                                                                                                                        • Opcode ID: 648623d449ffed56fabe2aced56da25deb3e47802266c7c073ed08ee58adcf59
                                                                                                                                                                                                        • Instruction ID: 7be6512aae6e4f9ca9b72fd6fb621c714893d900910f2df1f1d05f59be68f45a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 648623d449ffed56fabe2aced56da25deb3e47802266c7c073ed08ee58adcf59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 456125F3E092145BF3046D2ADC947B6B7D6EBD4724F2B823DD68857784E9365C0542C2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                        • Opcode ID: be2e18151bcdb0795f82e3400d0744f767e7a39619eb7f96eb2578110a73ef59
                                                                                                                                                                                                        • Instruction ID: 90196f82247fdfe07c9e2f436301bf8c781e8cae5849c5474a34b61fd3da072b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: be2e18151bcdb0795f82e3400d0744f767e7a39619eb7f96eb2578110a73ef59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32515C797453008FD724CFA4E8D0636B7E1EBA6714B19881CD197876A2C332FC02C742
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: V,/
                                                                                                                                                                                                        • API String ID: 0-2795344995
                                                                                                                                                                                                        • Opcode ID: b2ffec01e5f6b49c95a17fedd16599e95240091dda0935038b8e7e9878b5805d
                                                                                                                                                                                                        • Instruction ID: a1664726003baad832cb0afc4e2e5a477ab79f659a19d0f0592a402cd2015f36
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2ffec01e5f6b49c95a17fedd16599e95240091dda0935038b8e7e9878b5805d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92816CB3F112254BF3444E78CC983527693EB96324F2B8278CE98AB7C5D97E5D099384
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: O9w:
                                                                                                                                                                                                        • API String ID: 0-1878753259
                                                                                                                                                                                                        • Opcode ID: cbaf91208de066cb0f7330a8bc90e296bb5777d579e4b3b594678fa5ee35f00b
                                                                                                                                                                                                        • Instruction ID: 7a3e7b236ffa00ced9033761088f5cf39da6ce1ce84c9849b7a88d03a5530402
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cbaf91208de066cb0f7330a8bc90e296bb5777d579e4b3b594678fa5ee35f00b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE71BFF7F512254BF3444E68DC983A17252EB95320F2F82388E586B7C5DDBE6D0A5384
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: )
                                                                                                                                                                                                        • API String ID: 0-2427484129
                                                                                                                                                                                                        • Opcode ID: 291d94b7ac1b8538d902a8bf476287fe4f4a4f2d5b9c796d9b44e1e64b485314
                                                                                                                                                                                                        • Instruction ID: ccf9f696c6e9a040cabcb996345e175b0be9c25f0a1599f59ef5399633e78f5f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 291d94b7ac1b8538d902a8bf476287fe4f4a4f2d5b9c796d9b44e1e64b485314
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87617BF3F1152547F3544929CC983616683ABE1325F2F82788F58AB7C9EC7E9C0A5388
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                        • Opcode ID: 93617b563c246a51645a90f8f2dbbb29219c44e120f807c4f19ab19d01c9bc19
                                                                                                                                                                                                        • Instruction ID: 57ec9e5b3fed48f4a4db8e6e50a1ff2bfa81c5954ab634815944791c984f58f2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93617b563c246a51645a90f8f2dbbb29219c44e120f807c4f19ab19d01c9bc19
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D461E83260C7948FC7249A3998513DFBBD19B96324F294B3DE9E5D73D2E2348501C742
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                        • Opcode ID: 5af4d99850ea5ef25a2747fa363bae8d1fc87a37fbd52a7ad999c69f4fb70eaa
                                                                                                                                                                                                        • Instruction ID: 533512ba5b2642c036ffd87435613547e5163287afb3cad55960df16a592372f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5af4d99850ea5ef25a2747fa363bae8d1fc87a37fbd52a7ad999c69f4fb70eaa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E04111B9A083109BD714CF54CC56B7BBBA1FFD5354F088A2CE5855B2A0E375A844C782
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: AB@|
                                                                                                                                                                                                        • API String ID: 0-3627600888
                                                                                                                                                                                                        • Opcode ID: cb7da5eee8174c82d8dce4923b1a6f3496a21d7ed69e243f33799acac72c7f77
                                                                                                                                                                                                        • Instruction ID: fe0657bb44eca6a03b68fe07775ec245bcabbc8da2c03dcd496e055cc27392a3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb7da5eee8174c82d8dce4923b1a6f3496a21d7ed69e243f33799acac72c7f77
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 774106755046928FD722CF39C850766BBF1BF97310B2896A8D0D28B697C735E845CB50
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                        • Opcode ID: b7b5cccea515cdbdcefb85de2df4a93a43a95b30e0007e91e3217ed7b529b65a
                                                                                                                                                                                                        • Instruction ID: 1ad76a82abccfa925d9b87c51d04e2c1da2df9356c685cbb9d47b15c022b1523
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7b5cccea515cdbdcefb85de2df4a93a43a95b30e0007e91e3217ed7b529b65a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2321CE7864A2109BD71CCB3CD891A3BB3A3FBD6314F39163CE153526A6DB39D8124685
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 2994545307-2766056989
                                                                                                                                                                                                        • Opcode ID: c592f8d6a361885941feeb18abcdc43dc4846beb6dfe8e9f9b2523cf5f9210d9
                                                                                                                                                                                                        • Instruction ID: b0a4e6e31f8ee2ecee2667789f818fa2d5246c736d7be4b195ba5840cf1f8a4e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c592f8d6a361885941feeb18abcdc43dc4846beb6dfe8e9f9b2523cf5f9210d9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1631EE796083048BD314DF58D8D2A6FFBF4EBC5324F18892CE79987290D7359848DBA2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: de9982d19afc3a500d3072d0e0ea0bf824aa33241e1756141a630117145ef93f
                                                                                                                                                                                                        • Instruction ID: a4702a0cedac955ed58d210cad621ae490b644edb8a19c2cbc0515d3b2f6592f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: de9982d19afc3a500d3072d0e0ea0bf824aa33241e1756141a630117145ef93f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F662E4F9911B419FC3A0CF29D881797BBE9EB89350F15491EE1AEC7311CBB465018FA2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c0d5317a4f7852c5e97a58dfc1ebfcf1ce351025bf6016234481de47529e4acb
                                                                                                                                                                                                        • Instruction ID: eb0cf620482ac6aea293f35bb2f0f004375f49d97d1967be369e955ecd579143
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0d5317a4f7852c5e97a58dfc1ebfcf1ce351025bf6016234481de47529e4acb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D52D5B0908B888FEB35CF24D4843A7BBE1EB95318F14892DD5E706AC2C379A995C751
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                        • Instruction ID: 18869cfff3d0437f7ae5f47e27f8b80a106989511e8e3cf953df80c1a3d890f7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F22BF32A0C7158BC725DF18E8806AFB3E2FFC5315F198A2DD98697285D734B855CB82
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bdd84a83f422c05da8ca33b36d40e85623889ab0f8534ec6de9b32bba9beb925
                                                                                                                                                                                                        • Instruction ID: d056ae6b7dbf9e31fe62d3464779cc00553624e93b3d6b992a3f7347a0f5771d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdd84a83f422c05da8ca33b36d40e85623889ab0f8534ec6de9b32bba9beb925
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7102CEF3F142108BF3584E28DC98366B692EB94324F2B863CDB899B7C5D93E5C058785
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 64825968d0f50ec23c3882780206bc9023fbc2595eda95f088c722fef0894500
                                                                                                                                                                                                        • Instruction ID: 98aacd09d8e13ad2ceedd44e231b708c8c94bed5682c15853dafa9b53fbcfd76
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64825968d0f50ec23c3882780206bc9023fbc2595eda95f088c722fef0894500
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1F18DB3F005204BF3548A29CC543A6B6D6ABD4720F2F853C9E88A73C5E97E9C4687C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 12750b8cbd4572f0adb5bc036e29a65a8f8184c0ddae38c948f0b72d065184e7
                                                                                                                                                                                                        • Instruction ID: f2aa126f8b6d18b748f9b026ca2deb50fc61b1042f42466eed3cf83a056ae234
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12750b8cbd4572f0adb5bc036e29a65a8f8184c0ddae38c948f0b72d065184e7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94F19EF3F106114BF3548A68DC98376B692EBD4310F2B823C9E99A77C4E97E9D054385
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7d8b87effbcacacdf837785a60801ba31c60eac95dd24b77f529ee124b987bfc
                                                                                                                                                                                                        • Instruction ID: 14ee0491356ca6b5ec72a114c15cb5839afb47e9169998790a12b3589ee58845
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d8b87effbcacacdf837785a60801ba31c60eac95dd24b77f529ee124b987bfc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59E1C1F3E142244BF3545E29DC98366BA92EBD4320F2B853DDE88A77C4D93E5D098385
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: 1985554fb61c81be220b3893d906b6c9852f82bb841c7426365fda53b057e31e
                                                                                                                                                                                                        • Instruction ID: de5b1c8347112934f4f187d49af43224c4b3821e55bf457e84f4a1838eeee416
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1985554fb61c81be220b3893d906b6c9852f82bb841c7426365fda53b057e31e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49D1F3B3F142148BF3485E29DC98376B792EBD4710F2B853D9A899B3C4D97DAC098385
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: d5d4a6524592a762feb257ae734dcc712663eb603f1080dc0501ba3bb7d3d21e
                                                                                                                                                                                                        • Instruction ID: 7dd07be1e08cd1644a5f0aba708eabd38eaaa12c8cb4b4b760d3a191456d6b73
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5d4a6524592a762feb257ae734dcc712663eb603f1080dc0501ba3bb7d3d21e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13D14BB3F102244BF3584979CDA83626583EBD5324F2F82788F99AB7C5D8BE5D065384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: 475485602033c7b7441f1d3b98887a10b58107af0f94a640a51bd3d76eba1a87
                                                                                                                                                                                                        • Instruction ID: 978728aaa568c951b1a0fca4fa781f59c425d4efc6907a1bf0989e35e0877d9f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 475485602033c7b7441f1d3b98887a10b58107af0f94a640a51bd3d76eba1a87
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7D19EB7F5162547F3544968CCA83A26583DBD5320F2F82388F59AB7C6EC7E4C0A5380
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: c1a59193a70874c372e343471a86c165cc04ec471e21cbb086aea44544f0b79d
                                                                                                                                                                                                        • Instruction ID: ff8460bf48878cede61d557baf06b22d24f8b22df294676ac658f25aa4124025
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1a59193a70874c372e343471a86c165cc04ec471e21cbb086aea44544f0b79d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37C19BF3F5122447F3444978CDA83A22682AB95324F2F42798F4DAB7C6DC7E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: 37e3d1b8c1e06395f88dd4640cfc9a3737f239e315ba4cc6797eb0b05b837a38
                                                                                                                                                                                                        • Instruction ID: 65dbddde1ad20157bd3c8530c8bf318c2d12ae5ef2f3330fef057b70c4323f27
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37e3d1b8c1e06395f88dd4640cfc9a3737f239e315ba4cc6797eb0b05b837a38
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74C157F3F1112647F3584939CD6836266839BD5324F2F82388F4DABBC5E97E5D0A5284
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: efa8d0ee1e288adcabc3aeda85ed7d72115c45d4f5b16806e1e57078432534e8
                                                                                                                                                                                                        • Instruction ID: 3dc0e879efbb6221b23e72a2aa9c698417f2cb235af492c9e7c8fba2414b6f23
                                                                                                                                                                                                        • Opcode Fuzzy Hash: efa8d0ee1e288adcabc3aeda85ed7d72115c45d4f5b16806e1e57078432534e8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8BC168F7F1122547F3444979CD983A2A6439BD1324F2F82788E5C6BBCADC7E9D0A5284
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6d96d9131e6a71b87b656b3df2600fc70fb493d411bb7bbfbf4b2c468d9fb9f2
                                                                                                                                                                                                        • Instruction ID: baa41e59d174ce6c137a678d3a48ad12023761413b1c434e63a6fa115e8161fa
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d96d9131e6a71b87b656b3df2600fc70fb493d411bb7bbfbf4b2c468d9fb9f2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1DC17BB3F1152547F3984929CC683A26683ABD5324F2F82788E8DAB7C5DD7E5C0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0300d87e7ed0128075c4e0848a6941314b97d23f241c2572a508ae95ecb839fa
                                                                                                                                                                                                        • Instruction ID: 6ec5933da1bbc845af6886ea708fca3c9893133c8bece6b872cf79f1c07d6efa
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0300d87e7ed0128075c4e0848a6941314b97d23f241c2572a508ae95ecb839fa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBC17BB3F6122547F3984928CC583A26683ABD5320F2F82788E5DAB7C5DD7E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f3a96d36092629de143873869d064d2289eaebbc119548f77d7571fe2730f30c
                                                                                                                                                                                                        • Instruction ID: e49595ad01640aec78afd96a9e29bf9e86b6a434e2b0aefe21ba7eadf4b22d20
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3a96d36092629de143873869d064d2289eaebbc119548f77d7571fe2730f30c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76C18FF3F502254BF3484978CDA93A26642DB95310F2F82398F4AAB7C5DDBE5C4A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b089e5a99a9a34b2bb93fad93f88dbe97096bcb3780288b41f8a83d4a72f7f3d
                                                                                                                                                                                                        • Instruction ID: 8b46b622ed534fb3262fe1e5b26bd7800cedb7b092c11cb8c5cb709991d1498a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b089e5a99a9a34b2bb93fad93f88dbe97096bcb3780288b41f8a83d4a72f7f3d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59B1BBB7F116254BF3584D78CDA83A26683DB95324F2F82388F59AB7C9D87E9C055380
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: c4ef99c8778ac6e033d242d5be82c8cfbc173cdde4ec82108d7b747a51d4192e
                                                                                                                                                                                                        • Instruction ID: 4c81225654021b02dffb81028a1aca7326df104f66ae5133b0e7d918efa126c2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4ef99c8778ac6e033d242d5be82c8cfbc173cdde4ec82108d7b747a51d4192e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B81F5396083158BD714DF28C890A2BB7E2FFD5750F19852CEA849B396EB31DC41DB82
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                        • Instruction ID: be603dee0eff77fae65c333e29920355b76b33a2bccd04ae842245b96cbdfab8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15C15BB29487458FC360CF68DC86BABB7E1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: eb29d45bae120de3fb0c46b629588024c0474f3c75dea43a5f98c3472d665df9
                                                                                                                                                                                                        • Instruction ID: 8dc5d52778411a34065c6fe6705fcad281dfff5ffcca09fc9e56d0a846c22c1f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb29d45bae120de3fb0c46b629588024c0474f3c75dea43a5f98c3472d665df9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24A17AB7F111254BF3540929CC583627653ABE5325F3F82788A8C2BBC9D97E5D0A9384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 70c036773143de05f32ea808c9a83e58aa92775b0f189b7c701938da3d501d9d
                                                                                                                                                                                                        • Instruction ID: 41cafa02f0c11572f8fb820574141cd864bc5d495d3536c6c0c93868b8447ad9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70c036773143de05f32ea808c9a83e58aa92775b0f189b7c701938da3d501d9d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDA17CB3F112254BF3504929CC983A27653DBD5324F2F82788E986B7CAD97E5D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 10cc5a27ebf8c2f05ea78eb59756668b6f310950bc0bfc3b36bd3488be9faad5
                                                                                                                                                                                                        • Instruction ID: 59b2d8421ec3e2ec20f429aa81b5876a02f9cb1c11b41f366fc33783fe65220a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10cc5a27ebf8c2f05ea78eb59756668b6f310950bc0bfc3b36bd3488be9faad5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6B18CF7F516254BF3444928DC983A22683EB95324F2F82388F586B7C5D9BE9D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d1f9cee5123bb502c7b60beae79a313e7de1f1a0444a82e5c76a03589ca1c23d
                                                                                                                                                                                                        • Instruction ID: 468753ef1132985b83df1210ef4e925fe04d11b99936bff6f64c0c231b787825
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1f9cee5123bb502c7b60beae79a313e7de1f1a0444a82e5c76a03589ca1c23d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6A18EB7F512254BF3544939CD983626583ABE5324F2F82788E9DAB7C6DC7E5C0A4380
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d0d860bbdde04e6e21b6367c4062d6c6eea7cc1b6789156ae66440c7ceefbf2d
                                                                                                                                                                                                        • Instruction ID: 5f68d3ee79c2e92632d2a1c79330890a1233201abf07db691cbaf5cb8c5ca348
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0d860bbdde04e6e21b6367c4062d6c6eea7cc1b6789156ae66440c7ceefbf2d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54A1AEB3F105254BF3544D78CD993626683DBA0325F2F82388E59AB7C9ED7E5D494380
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 67d9f529c7a897f46b5f3a6b6ff75ec5e7fd91c147312277d5d22f7458767ee8
                                                                                                                                                                                                        • Instruction ID: a77c0a210f6f007b63c95096fe6bf0465638cbd2bbc034f43bc132ba3586c0f5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67d9f529c7a897f46b5f3a6b6ff75ec5e7fd91c147312277d5d22f7458767ee8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BFA18DB3F5122547F3844968CC983A26683EBD5325F2F82388F9C6B7C5D9BE5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d1de79f497bb9deeabeff0988d5a7d828452b1dc08b4496e6c554c448d7885bd
                                                                                                                                                                                                        • Instruction ID: 87b0162db8d879fdc1ee8d51fffbd7d6a8aef714f85a2340ba691684f82de35a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1de79f497bb9deeabeff0988d5a7d828452b1dc08b4496e6c554c448d7885bd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60A17FB3F2022547F3944D68DD983A27692EBD5314F2F82788E88AB7C5D97E5C0953C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1a6a2286b605a3abed9f4744e4559af527152a227fab7c2acea395a46ed7433f
                                                                                                                                                                                                        • Instruction ID: 469e94f84b9cddfe43b226c2ce86d7902291466b39bec3f3f5d7e6d26cfcb82c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a6a2286b605a3abed9f4744e4559af527152a227fab7c2acea395a46ed7433f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60A18BB3F5122547F3544D38CCA83A26683ABD5324F3F82388EA9AB7C5DD7E5D065284
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 573a0541fc885d60cf1b5653555cdc31b41ae3d4a44ca7068c44d5eb2df9ddd6
                                                                                                                                                                                                        • Instruction ID: 8356d53a2faf8a8d84106edb2f82c1e91dcda135f8a5f3bbae957b78ae52d5b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 573a0541fc885d60cf1b5653555cdc31b41ae3d4a44ca7068c44d5eb2df9ddd6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9A16EB3F202254BF3904D79CD983A27692EB95320F2F82788E886B7C5D97E5D4953C4
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 482ccaab1315530a14611a39c4d41cc259db4a0faa724a41a9e85ec87f01d8fa
                                                                                                                                                                                                        • Instruction ID: 860215415d724959e03772b00d044d6998b0f055a111555d136f7103289736fe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 482ccaab1315530a14611a39c4d41cc259db4a0faa724a41a9e85ec87f01d8fa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3A1C2F3F5122547F3440978DC983A22682DBD5324F2F42788F98AB7C5E8BE9D0A5384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 820f1fe05cbd0b5a7d54bb00771fcb12c9ecc4915efcb3778828fb51fbaa87ca
                                                                                                                                                                                                        • Instruction ID: 3cbf412ce9ebb63a78e0e02a9a2eaf05eb9f1b257d95f80110640c402a41ab96
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 820f1fe05cbd0b5a7d54bb00771fcb12c9ecc4915efcb3778828fb51fbaa87ca
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49A16CB3F1022547F3544D29CCA83A26683DBE5324F2F81798F89AB7C5E97E5C4A5384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3d088bd734e7ca6ba3832b0ba872467096b50c2ab85ae8558532ba33c64b4662
                                                                                                                                                                                                        • Instruction ID: e1d9859eae0dea9e78ec914280a9b6fce75e6dcc2aa06d801a786eefc883a866
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d088bd734e7ca6ba3832b0ba872467096b50c2ab85ae8558532ba33c64b4662
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4A188F7F512254BF3944978DC983A26682DB95324F2F82788F886B7C5E97E5C0A4384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 696e81e72b8c7aa6cbfd47562a85839926dde706774405b1ed009ac0c805f1b7
                                                                                                                                                                                                        • Instruction ID: d59f54d3794e2f44c86e387f70c64ce3c97b949b410662231802837c05fc6c9f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 696e81e72b8c7aa6cbfd47562a85839926dde706774405b1ed009ac0c805f1b7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46A14CB3F111254BF3544A29CC683A17693ABD1324F2F82788E9C6B7C4EA7E5D1A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 51a6296a886235ff4ae0bedea71b51a100e4a9ed2753090994c7ae128943ca0b
                                                                                                                                                                                                        • Instruction ID: 17c413384e2388942b4d60446c43017be12d166e792ebd35ab61ecff7f22910e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51a6296a886235ff4ae0bedea71b51a100e4a9ed2753090994c7ae128943ca0b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70A18AF3F216254BF3544929CC583617692ABE9310F2F82788E8CAB7C6E87E5D0953C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bdf9a054a8496ee6979ac25c0832e0dbbd6a7012c419a2866add07e76ba5b09e
                                                                                                                                                                                                        • Instruction ID: 6d291a39e707c665e1d2550e162a83686670f6c7bcf51c2213a7114ab4fe8f0e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdf9a054a8496ee6979ac25c0832e0dbbd6a7012c419a2866add07e76ba5b09e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACA18EB3F102244BF3544D39CC983A27693EB95314F1F82788E899B7C9D97EAD4A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3af7ca7307341e9f68e468cd28d618c423c86cd8c56bffa05da4b23a7a495cf1
                                                                                                                                                                                                        • Instruction ID: 0e8e90b7bfe7cf22a725bb4bc4ee8de03423ec3e4b6393692cbeeee1ef9dc129
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3af7ca7307341e9f68e468cd28d618c423c86cd8c56bffa05da4b23a7a495cf1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA91AEB3F502254BF3544978CC983A16683DBD5324F2F82398E99AB7C9DCBE1D4A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2c3a54734d77e59ab2a8040f463cf8a05122dbfd80c2ba5beaf0d07fb174cff6
                                                                                                                                                                                                        • Instruction ID: f2cf573416b19575cd27f494b468e44627db8cd7daef6ee1000ed81b66a78416
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c3a54734d77e59ab2a8040f463cf8a05122dbfd80c2ba5beaf0d07fb174cff6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 379191B3F2162547F3540D24CC983A16693E7D5324F2F82788E986B7C6D87E5D4A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a026853c581a92d84bbd6cbc4e355e57484e49ab9956e00c32be8f935cb2ce27
                                                                                                                                                                                                        • Instruction ID: 82ecf523044cea6c6c90a16eb6c51efc964a7095bbf67831959e7785479ddcbc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a026853c581a92d84bbd6cbc4e355e57484e49ab9956e00c32be8f935cb2ce27
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71918FB3F102254BF3544D29CC583A27693EBA5324F2F82788E98AB7C5D97E5D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bd373e70c7f61357c7358ea0d864143b8f95ff3cc606a053d7866fbcca977c7a
                                                                                                                                                                                                        • Instruction ID: d108c1a194fd3bcc22df724235f27b1234260405bf5572796eb58499c2a6e89d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd373e70c7f61357c7358ea0d864143b8f95ff3cc606a053d7866fbcca977c7a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A9119B3F6122547F3944839CD593A269439BD5324F2F82788E5CABBC9D87E9D0A1384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 22d75e9b97b73e6d20cf3acf230624ffa797a31ffcda98eb3023c3acb940b645
                                                                                                                                                                                                        • Instruction ID: 02b4079d40265139408e13b7252d67ba7c0e0c3b1bc55d14b8b40bc1cbc71b24
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 22d75e9b97b73e6d20cf3acf230624ffa797a31ffcda98eb3023c3acb940b645
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9A1BEB3F112254BF3844D39CC983627683EBD6324F2F82788A999B7C5DD7E590A5384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d06ac2fd5bdb6b4e22475afc8bb8e1ee804e975c7d4a454fd954182270f690d3
                                                                                                                                                                                                        • Instruction ID: e188517fa8af7528c8bcf53b20e7add71b8c29eb2a038c2eee03fd56188c3548
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d06ac2fd5bdb6b4e22475afc8bb8e1ee804e975c7d4a454fd954182270f690d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79918BB3F1022547F7584D38CCA83A27693ABD5324F2B827C8A896B7C5DD7E5D4A4384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1bc490c802dcabb1f072a6cd0bd55650969fb96d07b01598e7862f834d76f999
                                                                                                                                                                                                        • Instruction ID: 717b53a284ece98a5e02c162637b8bb0bb3bed7a646108d3c85eeff017c7b217
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1bc490c802dcabb1f072a6cd0bd55650969fb96d07b01598e7862f834d76f999
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F591B1B3F1122447F3544979DC983626693EBD4314F2F82788E88AB7C9E97E5C0A53C4
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9c30228dd4186d33602de60a554a5738ec969f569aaf173db4e19f420c8fbb3c
                                                                                                                                                                                                        • Instruction ID: 12c45945d2e78601e6be3df1a494216336fcf781f0720d88c74fa2ad4b5c74b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c30228dd4186d33602de60a554a5738ec969f569aaf173db4e19f420c8fbb3c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38918DB3F2122547F3944938CCA83A16682EBD5324F2F82788E9D6B3C5D97E5D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1320eb14226a77f1877216b7f20d74b5006c6ba4704616234cd8f9d89e3a741f
                                                                                                                                                                                                        • Instruction ID: 9d6306b0dacdb91e9dea2885114fcb7cba45f6a57325397756d587db7eaffe01
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1320eb14226a77f1877216b7f20d74b5006c6ba4704616234cd8f9d89e3a741f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3918EB3F112254BF3540E29CC983A27693ABD5325F2F81798E8C6B3C5D97E5D0A9384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a9392eeb42d1dc80175f25c676f63d98101b6b1904974b10ec0b80ca71a1cab6
                                                                                                                                                                                                        • Instruction ID: 4e326ee9d22083563398dcfdaad5cc3583e8ea75a3ef4ccb65b71c5d724f9745
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9392eeb42d1dc80175f25c676f63d98101b6b1904974b10ec0b80ca71a1cab6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19915BF3F616244BF3844968CC983A12593EBE5325F2F82788E586B7C9DC7E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 13d819cc1bd127f98491d991bebad4fd2b62c12bb857a19adae4d9565744c4ad
                                                                                                                                                                                                        • Instruction ID: 30e45861a32fef50d409ecdea917f540023ba11e02bcdb7ea64a313326bc946b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13d819cc1bd127f98491d991bebad4fd2b62c12bb857a19adae4d9565744c4ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF91A0B7F112254BF3544D39DC983626692DB95320F2F82388E9CABBC9DD7E5D0A4384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 47223eb26abae4a11064ff88841f44ab8dd632d06d7c2f2690092dbaf760e1a7
                                                                                                                                                                                                        • Instruction ID: 5aebafc3edaa1162c1a3fe079471f93b8380fc74286d6eea40d7da7ae097b13c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47223eb26abae4a11064ff88841f44ab8dd632d06d7c2f2690092dbaf760e1a7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8917CB3F215244BF3544D29DC983626683DBE5324F2F86BC8E88AB7C5D83E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0a0e3d01fa0e5c44e94bd6c48fe8aee6b1fe830dc920d14d393cc5bbf3f0ba61
                                                                                                                                                                                                        • Instruction ID: 9a7737f31d485a33dca8c6f5fdc15dc732a07825da3c9534e9fdb60d169f2e6c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a0e3d01fa0e5c44e94bd6c48fe8aee6b1fe830dc920d14d393cc5bbf3f0ba61
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB916AF3F112354BF3544968CC58362A692ABE5320F2F82788E9C6B7C5E97E5D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 248419fb99f3eeaa6795d96fadb7a4d15f30e60ac259b57a7d48695af6f45506
                                                                                                                                                                                                        • Instruction ID: 7371ba1fabdcfeeae9b0b0d29132271a335a18f4542c538290900b3db0ca9678
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 248419fb99f3eeaa6795d96fadb7a4d15f30e60ac259b57a7d48695af6f45506
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40914DB3F5162547F3944839CC583A265829BE5324F2F82788E9CAB7C6DC7E9D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e12c489f2a11b29fa82db9192326042579c6bbe8dd25ec8af3461967a3aee51e
                                                                                                                                                                                                        • Instruction ID: b09ee55f5bce93cbc8964c61be553222a41ca392c01e0dae449cc25b8dbf6298
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e12c489f2a11b29fa82db9192326042579c6bbe8dd25ec8af3461967a3aee51e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 749125F7F215244BF3984828DD583656583A7A5324F2B82388F596B7C5EC7E5D0A1384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fc12ef6907adaeddceb4581d142ec640588d9e0a0f9525cc8816ba02af75f459
                                                                                                                                                                                                        • Instruction ID: 3f3c24d14809ba7c0fe92c53ce6b6f4e1e550169e759312e252b03b0104df65d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc12ef6907adaeddceb4581d142ec640588d9e0a0f9525cc8816ba02af75f459
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D919EB3F112254BF3444E69CC543A27293EBD6311F2F82788E48AB7C9D97E6C4A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fd1371e7361015c67a2f4468b76f73fa37a10905629e06eee8db9a9e83f7cb81
                                                                                                                                                                                                        • Instruction ID: cbc8c27999c950a00d2bb511d2c032f70e300e0bc7e82db9a4bc030ca0f4629d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd1371e7361015c67a2f4468b76f73fa37a10905629e06eee8db9a9e83f7cb81
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE91ADB3F111294BF3544D29CC583A26683DBD5324F2F82788E4CABBC9D97E9D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: d638e6a0a0b3e7196947927fd00bf1bace40a76b473946a565ea266d512e009f
                                                                                                                                                                                                        • Instruction ID: 6f819e74b3f09d9e4f8feb6324dbc396d047415056786ebc49b0747428d35c89
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d638e6a0a0b3e7196947927fd00bf1bace40a76b473946a565ea266d512e009f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5918DB7F1022547F3544D28CCA83617292EBA5324F2F82788E8D6B7C5D97E5D0993C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: 6e3e370cddd88bf494142349b0c69f45382cda590f70960e29de0ef1739c669a
                                                                                                                                                                                                        • Instruction ID: cb3b3c0d6d79563b8f72fd542d4e2ae98c6f8eece581151d6c814dd77b72c728
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e3e370cddd88bf494142349b0c69f45382cda590f70960e29de0ef1739c669a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E99180F3F516254BF3544D68DC983A16182EB90324F2F827C8E996B7C6EC7E5C0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                        • Instruction ID: 2e2a227d5256d62908c920010c03bea5927d50552d5fbd1ca50f606753256af8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACB16232618FC18AD325CA3D8855397BED25B97334F1C8B6DA1FA8B3E2D674A102C715
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • Opcode ID: 1192b414048495ba4f9daf941e4bba4aaf800b9fe41475c7f17b76a7bded656f
                                                                                                                                                                                                        • Instruction ID: 04ecf5611087afaf7925d8df67c48675bd6130b83b35cadd6325a0e7159458c4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1192b414048495ba4f9daf941e4bba4aaf800b9fe41475c7f17b76a7bded656f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB913CB3F1122547F7444929CC983A16683DBD5314F2F82788F58AB7CADD7E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: d78a95fd387aa6e48fc42abb9be669303b134107de7c01266781fb97f8f5d4a5
                                                                                                                                                                                                        • Instruction ID: 6fb19c73ddb70bda6acce1d3cc36c04251eed04c8db612c4a2dc38d30be91f7e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d78a95fd387aa6e48fc42abb9be669303b134107de7c01266781fb97f8f5d4a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB513875A083154BD728EF68CC4162FB7D2ABD5720F19897CF8C5A7391E7319C418B85
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b0597c396db722b50b7cd74ba040da678b43c9caa39a52d0bafa6ead2fa1f4b7
                                                                                                                                                                                                        • Instruction ID: 11c81a9883429c325b04cbac20da13837e6d79240fe21cb04534af5db5a37d96
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0597c396db722b50b7cd74ba040da678b43c9caa39a52d0bafa6ead2fa1f4b7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6811AB3E1122547F3504929CC983A2B693ABD1324F3F82388E9C6B7C5D97E5D1A57C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 99afa6206703fcfebe9ef136d0ce20c141c70b83da1f4a1584d373b4206cfd7d
                                                                                                                                                                                                        • Instruction ID: b500e899da5e0c2aad5a0ccc4ae7c11380382b3258cd3551689c232592a69433
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99afa6206703fcfebe9ef136d0ce20c141c70b83da1f4a1584d373b4206cfd7d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 728190B3E2062547F3644D28CC983A17692EBA5320F2F867C8ED86B7C5E97E5D0953C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f0a46b75a8b77614c43aff2f8ba88e70e620603a6afbbe519c16976225c9a50b
                                                                                                                                                                                                        • Instruction ID: 7b4b41944dfd2e125d3851d3ff55eebd61199f70a620be6cd02f7750c1b9f2a9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0a46b75a8b77614c43aff2f8ba88e70e620603a6afbbe519c16976225c9a50b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A815DB3F2022547F3544D69CC983A26692EB95314F2F82788E8CAB7C5D97E9D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3bbc04d42f0c721f48bb4ca6459f74e6edb885e8214aac7a1955112326261aed
                                                                                                                                                                                                        • Instruction ID: fb2f658b28be11e331ab6b401d02a60e45c753594d6c614a01384dab6573552a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bbc04d42f0c721f48bb4ca6459f74e6edb885e8214aac7a1955112326261aed
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D816AB3F111264BF3948934CC583A26693EBD5314F2F82388E99AB7C5D97E6D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 890b4e4598172e99576687d95d3aee66977b9ce69d9498d9afb2cefab4a27207
                                                                                                                                                                                                        • Instruction ID: 926f4024da94b5ae0d41f8c7f916c9b2f41d45665accc4c5b5f93ced668183de
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 890b4e4598172e99576687d95d3aee66977b9ce69d9498d9afb2cefab4a27207
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A97180B3F116244BF3544938CC583627683EBD5324F2F82788A99AB7C5DD7E9D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: af54cd898414b420627a09627477d8feb9c513b65e2a1275bc2683053ec6cd0c
                                                                                                                                                                                                        • Instruction ID: 45f2428278f171f26928b08589a9e405223d70b05c96acf0c8c7f48828b18234
                                                                                                                                                                                                        • Opcode Fuzzy Hash: af54cd898414b420627a09627477d8feb9c513b65e2a1275bc2683053ec6cd0c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8081ACB3F102154BF3484E28CC983A27293EBD6304F2F81798A899B7D5DD7E5D4A9384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5efe914f4552a02740ee5e29e3b39a8fd343b6d3cb78469c0bbfc4aee89cfffc
                                                                                                                                                                                                        • Instruction ID: 7e9d93933793eabb238017a5dc3785ff390e31a59a1c41fb5937871c48893a7b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5efe914f4552a02740ee5e29e3b39a8fd343b6d3cb78469c0bbfc4aee89cfffc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C717FB3F212254BF3944978CD583626692EBA1320F2F82788E98A77C6DD7E5D0953C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: de65f6944f2e7b63644370a4dbb73a58e997704e29c71bb73f9e780d54fdb492
                                                                                                                                                                                                        • Instruction ID: b8bc4a11b90f24c2dbe6186371960d36ee8db3f4bae681eebd62ea9a0e02c27e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: de65f6944f2e7b63644370a4dbb73a58e997704e29c71bb73f9e780d54fdb492
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 248166F7F106254BF3504939CC58362A683ABD5324F2F82788E9C6B7C5D93E9D0A9384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2bbe2a25f69ceb1de432126dfccd630d2e04de94af072c1acbe5276389a862b6
                                                                                                                                                                                                        • Instruction ID: 33abff49d9cb908e2f5f8486287f5aab393afd99582ca240b0c4e863cb98a9ae
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2bbe2a25f69ceb1de432126dfccd630d2e04de94af072c1acbe5276389a862b6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C819DB3F116254BF3844D28CC583626653EBE1321F2F82788E986B7C9DD7E9D0A4384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: aa0f88767cd7b4de24ad68b29c1b59606065db70e6f062e8834978f943267b89
                                                                                                                                                                                                        • Instruction ID: 8f397bfb51a4e9ca9be0d8add6a480751ad4918a695b1665e84df3bd1ca2c7be
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa0f88767cd7b4de24ad68b29c1b59606065db70e6f062e8834978f943267b89
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D87162B3F5023547F3944968CC983626692DBD5324F2F82788E4C6BBC9E97E5D0A53C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 16ff24a2ed3c1dbd1333cc9ecf513d5198107b9a0dd4ffa6a2dc7f9fd9e829d1
                                                                                                                                                                                                        • Instruction ID: 042081f4b19958067ea8e6d29aad23883ef540851a89e82e5c05267305aaa2ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16ff24a2ed3c1dbd1333cc9ecf513d5198107b9a0dd4ffa6a2dc7f9fd9e829d1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F47169B3F116254BF3448D29CC683627683EBD5314F2F82788E896BBC9D93E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d1433f0f74332ed248c9d29e49537ba3d08944341c61e07f78ee5e7f860adfa0
                                                                                                                                                                                                        • Instruction ID: 513eb00214f1fcbea39ea1659947878aae13b24a66525688f50dce4f66355c9d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1433f0f74332ed248c9d29e49537ba3d08944341c61e07f78ee5e7f860adfa0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C717EB7F112264BF3900D69DC983627683EB94724F3F42388E986B7C5D97E5D0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c8df2afed932eb0700f67234322e192a208d7406d1d1ac7e15d6c3fc37e286d3
                                                                                                                                                                                                        • Instruction ID: e3bd1439ffb8496f479b7f7d9bb349e2e517917d2144d09eb9987f5c9c963ec2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8df2afed932eb0700f67234322e192a208d7406d1d1ac7e15d6c3fc37e286d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C361E23BA09A904BE728C93C4C113E6AEA34BD7330F2DC769E9F5873E1D5664C464341
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d0d6b948078e65360690a49ec7d84edc47a16d3a844ee1f96aaeae0873bdcd22
                                                                                                                                                                                                        • Instruction ID: dc681626f347c90908ad5202750568c4daec9b9b6de8f0b7d663d0d513f7c368
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0d6b948078e65360690a49ec7d84edc47a16d3a844ee1f96aaeae0873bdcd22
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 737138B3E1122547F3544D28CC583A1B693ABA4321F2F827C8E8D2B7C6D97E6D4957C4
Memory Dump Source
• Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: edcc8866fcc4cd443d7cb4fa8a1be4ac0f80129b0bcc256fbe0f9b839bdddf79
                                                                                                                                                                                                        • Instruction ID: f48995c870d4dbb3ef816113ac6d0a20169d41df846ec358aec79096cd52527e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: edcc8866fcc4cd443d7cb4fa8a1be4ac0f80129b0bcc256fbe0f9b839bdddf79
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B7198B7F502254BF3544D74CC983A2668297D5324F2F82788F8C6B7C6D8BE5C4A5388
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: db8ff3346f94be224ce38f3383149a42b9518e29aa792a1e530521a84d9fb277
                                                                                                                                                                                                        • Instruction ID: 152c112420a04a52322b2298ee9c54ffecd59b69f2034789095448774ac1587a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: db8ff3346f94be224ce38f3383149a42b9518e29aa792a1e530521a84d9fb277
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8271AFB3F216254BF3504D34CC883A27692EBD5305F2F81788E88AB7C9D97E9D4A5384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b545d44f774fe43f34fbddb7f21aa3f0c3131de1ca03de6fdc40926c3e390dd7
                                                                                                                                                                                                        • Instruction ID: 6006795b5980e33609c676f1009369d57ebd362379b785cbd4d06d4301a8a133
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b545d44f774fe43f34fbddb7f21aa3f0c3131de1ca03de6fdc40926c3e390dd7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 387169B3F2122547F3544D29CC543A27693ABD5324F2F82788E986B7C5ED3EAD0A5384
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f5406c69289e899a926d50987424d08c79b82714ad76dba104cd5b803a743b88
                                                                                                                                                                                                        • Instruction ID: bb495e48f8cc218cc02063249406828dfcd7d6df5929ab856203c931cd57dc45
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5406c69289e899a926d50987424d08c79b82714ad76dba104cd5b803a743b88
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76718EB3F212254BF3944D69CC983A17692EB95320F2F817C8E8C6B7C5D97E5D099384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7c41bcb82f3a5b1eb35be92504a60f466b37bee4dba365dcef712f34329d5932
                                                                                                                                                                                                        • Instruction ID: 4f3a587dc47b2269603dc9a447cafbee2bf50cb166b3c8f53e3dc53e00d8f14c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c41bcb82f3a5b1eb35be92504a60f466b37bee4dba365dcef712f34329d5932
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E5150B3F112244BF3504E29CC543A17292EBD5320F6F827C8E886B7D5D97E6D4A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1c48d8d54d543a1296eb31dbfb2f9dadb9182e854071faa37d148bde5aaa0c3d
                                                                                                                                                                                                        • Instruction ID: 01a7995e9d09cede0d6e8cba3e4b1db00fb2afb2766eb2f6034c226a983c580a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c48d8d54d543a1296eb31dbfb2f9dadb9182e854071faa37d148bde5aaa0c3d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F661A0B3F111258BF3544E64CCA4361B392EB96324F3F4278CA886B3C4EA7E5C499380
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e5b1c60089917754b3079105e23704f3f10d40839fc563c0a2ba2e05ee1c1567
                                                                                                                                                                                                        • Instruction ID: 131931c454f0c5768ec3db54f90077fc6a5b6f2485f47e2a1b10c3d7e0689c69
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5b1c60089917754b3079105e23704f3f10d40839fc563c0a2ba2e05ee1c1567
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D5114F750C614DBDB086E1ADC9867EBBE5EB94320F2A492DEAC787700E631584097C3
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: cca9032ee3e8bc76c430159fc187b3af984a42b52e4460f619eec3da3e8a2d2a
                                                                                                                                                                                                        • Instruction ID: 72f1627bd37ae76b08a3e2a53f2810e3368f6a6d48fe0225c78b5a937d20e2e5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cca9032ee3e8bc76c430159fc187b3af984a42b52e4460f619eec3da3e8a2d2a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82517A73F2112547F7544E28CDA83A57793EBC5310F2F823C8A895B7C9D97E69099384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b5e4e7a546a00bd5c48db47012493529d9bb53faff327bf53dc1d672bc46d591
                                                                                                                                                                                                        • Instruction ID: ad12e74ebbea105a1f5d414433a0ae3eddb99fde80cc43900dabe5a0d69ce25a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5e4e7a546a00bd5c48db47012493529d9bb53faff327bf53dc1d672bc46d591
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01611B72744B418FC728CE3CD9953E6BBE29B85314F198A3CD4BBCB385EA79A4058740
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 26cf774d4920375124d484062946908d65199ef6d8f26d976f70b369210bd482
                                                                                                                                                                                                        • Instruction ID: 5d53b299167306f550da0be53e25f3fcaa07f9440c2c5dcc73f79a1de3182d59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26cf774d4920375124d484062946908d65199ef6d8f26d976f70b369210bd482
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA5189B7F2122447F7844928CDA83A56682E795320F6F82388E99AB7C5DD7E5E094384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 35e9c3ed75f0a1a1172f9438e70cdb06a7c9a63de8f304eed9fb3ff3f5447cc7
                                                                                                                                                                                                        • Instruction ID: 797c85bf0e255da78ac1283af0bc9e3ac7bce0e38b9001a209fc7f15886631be
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35e9c3ed75f0a1a1172f9438e70cdb06a7c9a63de8f304eed9fb3ff3f5447cc7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D15170F3F502254BF3944D24DC983626692E795324F2F827C8E9DAB3C5E97E9D0A4384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: cbd8c8008fb9313ff1aced8155fbe90a2de3aac50c931afd32dc2070f1a03a7d
                                                                                                                                                                                                        • Instruction ID: e493a8c0bc0e09f34ef40c1e3973512ccb9cc2a4d8e935ad5a9cd1cb29fcc16f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cbd8c8008fb9313ff1aced8155fbe90a2de3aac50c931afd32dc2070f1a03a7d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55411832B197518FD718CF39889117BFBE29BDA300F19893EE4D6C7256D524E9068B81
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6d98ee7241625c3f660bceeab93bb707f05e1c0ea0f4f127f0b2999137e74313
                                                                                                                                                                                                        • Instruction ID: e634804bcd80d0b35abce1e2fcb88777fd1e1d50d795d627a695bc4412f98a08
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d98ee7241625c3f660bceeab93bb707f05e1c0ea0f4f127f0b2999137e74313
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A93147645147D08FDB3ACB3584A1BB37FE19F6B304F18488CD1E38B293D2269549C761
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 16477f301e08e4cbfcfbfa3c40cf75fd02473aa4621b3af27cd462635d4265d9
                                                                                                                                                                                                        • Instruction ID: 7b358e0af22048ecadcd5cb5e0ac1133e1f2e0208cfdf29ca6cb9c7b880961a2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16477f301e08e4cbfcfbfa3c40cf75fd02473aa4621b3af27cd462635d4265d9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E151AAB3F512158BF3444DA9DC943A27682EBE9315F2F80788A88AB7C5D97E5C464388
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 73abcf7620c84a8367184e1f913be27d0f590136356ffbbb72300b283185b997
                                                                                                                                                                                                        • Instruction ID: bc2e666258cd73049a7ce94046f7164b5b68f5ccc2e55736f3bac7605db170ee
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73abcf7620c84a8367184e1f913be27d0f590136356ffbbb72300b283185b997
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 504173B7E1122487F3504E29DC94361B392EB95320F7F42788E98677C5DA3E6D0597C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3b834fb5b7bb297fa7465e7aa10ce5b56134c2ba6603aace49c9fd457dcf701c
                                                                                                                                                                                                        • Instruction ID: 2df5a9b7d1574d883529e865dcc767136024eda41731ae95429d5effeccbb757
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b834fb5b7bb297fa7465e7aa10ce5b56134c2ba6603aace49c9fd457dcf701c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31416DB3F1153947F3548929CD683A26583DBD5320F2F82788E4D6BBC9D87E5D0A52C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a880c2720ed37360be94c0da5bf87c593cafa994b4f2c9e08058a2879624e760
                                                                                                                                                                                                        • Instruction ID: 75676857659fa858f525c3fac9aade86759784269bca12090a220301a417d1b2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a880c2720ed37360be94c0da5bf87c593cafa994b4f2c9e08058a2879624e760
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF8149B851A3808FC374DF45E59869FBBE0EBCA308F11891DD4984B350CBB9544ACFA6
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: be8d2c2a0c51e08ae4bb703e12bac2a015f19ac4268c95b19b4b841f9d4ee61e
                                                                                                                                                                                                        • Instruction ID: 0a679a4172ede157e7ca0df9e7253cc733391211cf8d65deeca09222f0768aff
                                                                                                                                                                                                        • Opcode Fuzzy Hash: be8d2c2a0c51e08ae4bb703e12bac2a015f19ac4268c95b19b4b841f9d4ee61e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70316BB7F216254BF7544939CC983626583DBE6324F2F86788E586BBC9DC3E1C0A5384
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                        • Instruction ID: b1efbe86cd4cde3503a350bd3aacddbdaa1ca82fa4f301fbaa21fd5816ebb81e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A31F772A08A144BC7199D3D4C9126BBA939BD5730F2DC73EFAB78B3C1DA758C419242
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 406d8e885ecb564cf505cdaf06fa59fb4f5611daef2ec291c3ee41c26a330bd4
                                                                                                                                                                                                        • Instruction ID: a692701c35824ec863597ddc0df58ce835e313f7ddb3e2796662197dca347995
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 406d8e885ecb564cf505cdaf06fa59fb4f5611daef2ec291c3ee41c26a330bd4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F3125F3F5152107F368487ACD58362558397D5325F2F82798F1CA7BC9E8BE4C0A0284
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 820dcaebdbca5d76deb955a939042ba3537ee30069f15cf3911d32ebb5b26be5
                                                                                                                                                                                                        • Instruction ID: 836bf5fda46bfaf14ddf041782e09099498f7d0c1adeb0c36d40b29e27306a5d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 820dcaebdbca5d76deb955a939042ba3537ee30069f15cf3911d32ebb5b26be5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A3128B7F6053147F3A44879CD58362A5829BD4324F2F42398E5CBB7C5D8BE9D0A52C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 23718f4af8d41e57132c2d62b5d737b3bcb6b8712bc3c7be519f358ea05b3b28
                                                                                                                                                                                                        • Instruction ID: 9dcd72bf14454bfabbb25998ac96e7eded9b21b1ba98ee807c00f40db2c1879f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23718f4af8d41e57132c2d62b5d737b3bcb6b8712bc3c7be519f358ea05b3b28
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D3160B3F6062607F3484879CD693B769839BD1710F2F823D8F8A6BAC5DC7D590A1284
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d74c9c361c35b213f49d4fd9e9e1bc9045d3eb94a6d6d754779b49778fa381cb
                                                                                                                                                                                                        • Instruction ID: 1c4e77a7893bc2e09761c6c2cc9bb0d7d37ad40b9874828ef37e4f33b78597da
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74c9c361c35b213f49d4fd9e9e1bc9045d3eb94a6d6d754779b49778fa381cb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A3169B7F6063603F3640878CDA936295829790324F2F82388F1DABBCAD87E9D0552C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d882f2d03d4774f1b84820711fcdb09c422cbf4a30bf7b89b43ca5a4a18470e3
                                                                                                                                                                                                        • Instruction ID: 07dfb97618cc8103381b512ebff7e09a626730258b3ade418e29e72a56a1e575
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d882f2d03d4774f1b84820711fcdb09c422cbf4a30bf7b89b43ca5a4a18470e3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9313BB7F5112607F3584479DD6837658838BE1324F2F83398E1DABBC6E87E4D0A1284
                                                                                                                                                                                                        • Opcode ID: 91b0019407bf21f5795b2ff696373081a13e806a07573a75c87371934bad1381
                                                                                                                                                                                                        • Instruction ID: 784eb7d0bf59f11b624b2e9e909ac2c49e68eaf0e7e425eec7734a3087d08d6e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91b0019407bf21f5795b2ff696373081a13e806a07573a75c87371934bad1381
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23316DB3F6112647F3900478CD593625583DBD5314F3F82398E18EBBC5D8BD9D091284
                                                                                                                                                                                                        • Opcode ID: 6141146a9a427dd25708393b1b3f7fe1e816fe4ac8a6687f2847f731f83892a5
                                                                                                                                                                                                        • Instruction ID: eb8cfcc2d2f78a89265ab50f66f6db41e9043a30dae3182de0bb8f222facea3c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6141146a9a427dd25708393b1b3f7fe1e816fe4ac8a6687f2847f731f83892a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE212CB3F1163047F39848B8C99936A9583A7C4324F2F83388E9967BC9DC7D5C0902C4
                                                                                                                                                                                                        • Opcode ID: 3ce9352e823e6b0708e9bfd06f15f15d51dd07d6e59baa5aab4e6ad3492f33f4
                                                                                                                                                                                                        • Instruction ID: 6140281ddde0c6009eaf943e34be8252f24a6685e5c4c0695902482a80fe9e4e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ce9352e823e6b0708e9bfd06f15f15d51dd07d6e59baa5aab4e6ad3492f33f4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C02136B7F6152047F7988878CCA53A6618397D4324F2F42798E9AAB7C6EC7E5C090284
                                                                                                                                                                                                        • Opcode ID: 5e601451640e5c4d839ee004ea9f031472adbca825e06cc5d91258f56ef52515
                                                                                                                                                                                                        • Instruction ID: d27975ca7766bdf7f8162ad7429f4a97525b5583eb68d265d1952ed06d328ca9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e601451640e5c4d839ee004ea9f031472adbca825e06cc5d91258f56ef52515
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB214CF7F506250BF35848B5DD9835265439391328F2B83388F5C7BAC6D8BE4D0A4284
Memory Dump Source
• Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789366672.0000000000A53000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CC3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CEB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000CF4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789385381.0000000000D02000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789634205.0000000000D03000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789754200.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1789769673.0000000000EA6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                        • Instruction ID: 33a3a4a385dfe76ed78860c1c437d39af3192357ddfd064b51567458cf742774
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD11EC33E051D40ED3158D7C84405A6BFE30AE3734F1AC399F4B8971D2D6228D8A9354
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                        • Instruction ID: dc26906e462f0ade65f970931d5b7acab07bdb8aafbf25db767a923692697a79
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13F03C60114B918AD7328F3985243B3FFF09B23228F545A8CC5E35BAD2D366E14A8794
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                        • Instruction ID: 3cbb178dc318b53436095eb3fd240e3ea1417a97e5b99ca9b19f808624c44b6a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5DF065104087F28ADB238B3E54606B2AFE09B63120B181BE5C8E19B2C7C3159497C366
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Opcode ID: 595a02e4bf37f3ea0afe25b3dbc5083a67b4e3ee19eb079c86edadce2606a4e3
                                                                                                                                                                                                        • Instruction ID: dd3df16051af2864d3afd1bf65ac5c96112bded41fb2c89d4ab2e4e20568c7ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 595a02e4bf37f3ea0afe25b3dbc5083a67b4e3ee19eb079c86edadce2606a4e3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5017D342042428BD344CF38CCE056BFBA1FB83324B08CB5CC4558B796C638C442C784
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1789385381.0000000000A55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789301066.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1789322900.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a00000_QBzLk3iR7m.jbxd