Windows Analysis Report
2S6U7zz1Jg.exe

Overview

General Information

Sample name: 2S6U7zz1Jg.exe (renamed because original name is a hash value)
Original sample name: 7a4aeef83782b9985e994fd8665729da.exe
Analysis ID: 1581609
MD5: 7a4aeef83782b9985e994fd8665729da
SHA1: 061a6da74fdd47a230d58ee149e874099c21ab42
SHA256: 8a1e5a4184e1718fc7ea124a14436b95da5134d3b8ab03bc77a37091143b7aab
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 2S6U7zz1Jg.exe (PID: 7456 cmdline: "C:\Users\user\Desktop\2S6U7zz1Jg.exe" MD5: 7A4AEEF83782B9985E994FD8665729DA)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["cashfuzysao.buzz", "mindhandru.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "appliacnesot.buzz", "scentniej.buzz", "hummskitnj.buzz", "screwamusresz.buzz", "inherineau.buzz"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-12-28T09:52:53.415874+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP
    2024-12-28T09:52:51.354579+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 64418 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:51.498490+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59714 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:51.641742+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54565 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:51.035561+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62239 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:50.382098+0100 | 2058582 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59765 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:50.581148+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55541 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:50.731439+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55204 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:50.893466+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60959 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:51.206479+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53448 | 1.1.1.1 | 53 | UDP
    2024-12-28T09:52:54.169049+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP

    AV Detection

    Source: 2S6U7zz1Jg.exe | Avira: detected
    Source: 2S6U7zz1Jg.exe.7456.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["cashfuzysao.buzz", "mindhandru.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "appliacnesot.buzz", "scentniej.buzz", "hummskitnj.buzz", "screwamusresz.buzz", "inherineau.buzz"], "Build id": "PsFKDg--pablo"}
    Source: 2S6U7zz1Jg.exe | Virustotal: Detection: 56%
    Source: 2S6U7zz1Jg.exe | ReversingLabs: Detection: 57%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
    Source: 2S6U7zz1Jg.exe | Joe Sandbox ML: detected
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: hummskitnj.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: cashfuzysao.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: appliacnesot.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: screwamusresz.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: inherineau.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: scentniej.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: rebuildeso.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: prisonyfork.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: mindhandru.buzz
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
    Source: 00000000.00000003.1676469210.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: PsFKDg--pablo
    Source: 2S6U7zz1Jg.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2

    Networking

    Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.4:60959 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.4:53448 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.4:55541 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.4:62239 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.4:59765 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.4:55204 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.4:54565 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.4:59714 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.4:64418 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 23.55.153.106:443
    Source: Malware configuration extractor | URLs: cashfuzysao.buzz
    Source: Malware configuration extractor | URLs: mindhandru.buzz
    Source: Malware configuration extractor | URLs: rebuildeso.buzz
    Source: Malware configuration extractor | URLs: prisonyfork.buzz
    Source: Malware configuration extractor | URLs: appliacnesot.buzz
    Source: Malware configuration extractor | URLs: scentniej.buzz
    Source: Malware configuration extractor | URLs: hummskitnj.buzz
    Source: Malware configuration extractor | URLs: screwamusresz.buzz
    Source: Malware configuration extractor | URLs: inherineau.buzz
    Source: Joe Sandbox View | IP Address: 23.55.153.106
    Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 23.55.153.106:443
    Source: global traffic | HTTP traffic detected:
        GET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic | DNS traffic detected: DNS query: mindhandru.buzz
    Source: global traffic | DNS traffic detected: DNS query: prisonyfork.buzz
    Source: global traffic | DNS traffic detected: DNS query: rebuildeso.buzz
    Source: global traffic | DNS traffic detected: DNS query: scentniej.buzz
    Source: global traffic | DNS traffic detected: DNS query: inherineau.buzz
    Source: global traffic | DNS traffic detected: DNS query: screwamusresz.buzz
    Source: global traffic | DNS traffic detected: DNS query: appliacnesot.buzz
    Source: global traffic | DNS traffic detected: DNS query: cashfuzysao.buzz
    Source: global traffic | DNS traffic detected: DNS query: hummskitnj.buzz
    Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown; Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown; HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2

    System Summary

    Source: 2S6U7zz1Jg.exe; Static PE information: section name:
    Source: 2S6U7zz1Jg.exe; Static PE information: section name: .idata
    Source: 2S6U7zz1Jg.exe; Static PE information: section name:
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004DC56D0_2_004DC56D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004345600_2_00434560
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052F57A0_2_0052F57A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A65600_2_004A6560
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049A5700_2_0049A570
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050B56C0_2_0050B56C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051B5100_2_0051B510
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E75070_2_004E7507
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C25100_2_004C2510
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D95100_2_004D9510
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005015330_2_00501533
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048A5240_2_0048A524
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005125250_2_00512525
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0043C53C0_2_0043C53C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004EC5C90_2_004EC5C9
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044A5D40_2_0044A5D4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005255F40_2_005255F4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F35E60_2_004F35E6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004165F00_2_004165F0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004865F10_2_004865F1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B55F20_2_004B55F2
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005235EF0_2_005235EF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F158C0_2_004F158C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004885850_2_00488585
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052A59D0_2_0052A59D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049F5930_2_0049F593
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C55AD0_2_004C55AD
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044C5A00_2_0044C5A0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BA5AF0_2_004BA5AF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004815B80_2_004815B8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048E5BB0_2_0048E5BB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F85B40_2_004F85B4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A96490_2_004A9649
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004706550_2_00470655
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004486500_2_00448650
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D06590_2_004D0659
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005166460_2_00516646
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D466B0_2_004D466B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F96600_2_004F9660
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047E6750_2_0047E675
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047867B0_2_0047867B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B960D0_2_004B960D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0041F60D0_2_0041F60D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051561C0_2_0051561C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004CE61E0_2_004CE61E
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0042961B0_2_0042961B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051F6300_2_0051F630
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005006370_2_00500637
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C66260_2_004C6626
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A56260_2_004A5626
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F06230_2_004F0623
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050E63D0_2_0050E63D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0042E6300_2_0042E630
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E46350_2_004E4635
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049C6340_2_0049C634
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D36CA0_2_004D36CA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004346D00_2_004346D0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050F6C70_2_0050F6C7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BD6D30_2_004BD6D3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004926D40_2_004926D4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F76E50_2_004F76E5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004506F00_2_004506F0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E16F10_2_004E16F1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0041E6870_2_0041E687
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004EE69F0_2_004EE69F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C469A0_2_004C469A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048F6960_2_0048F696
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051E6B10_2_0051E6B1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B36A90_2_004B36A9
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0069E6800_2_0069E680
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005106B80_2_005106B8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005286B90_2_005286B9
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004AD6A70_2_004AD6A7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005046BE0_2_005046BE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004377400_2_00437740
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051B7590_2_0051B759
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004227500_2_00422750
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005077430_2_00507743
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004DA7590_2_004DA759
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B176A0_2_004B176A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005097710_2_00509771
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004957600_2_00495760
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005337790_2_00533779
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005277680_2_00527768
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E37140_2_004E3714
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048B72B0_2_0048B72B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F572B0_2_004F572B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050273B0_2_0050273B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B973A0_2_004B973A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052B7230_2_0052B723
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049E7310_2_0049E731
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004397390_2_00439739
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004257C00_2_004257C0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FD7C40_2_004FD7C4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005D57D30_2_005D57D3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005227C60_2_005227C6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FE7D40_2_004FE7D4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C17EE0_2_004C17EE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050D7F50_2_0050D7F5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004CC7EA0_2_004CC7EA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005A67FD0_2_005A67FD
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C77E40_2_004C77E4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005177E00_2_005177E0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004197800_2_00419780
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005167960_2_00516796
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047978E0_2_0047978E
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004987990_2_00498799
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004807930_2_00480793
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052C78F0_2_0052C78F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B87AF0_2_004B87AF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004727AE0_2_004727AE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005207BF0_2_005207BF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004CF7BD0_2_004CF7BD
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004747BF0_2_004747BF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0041C8400_2_0041C840
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D784F0_2_004D784F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B785B0_2_004B785B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005268430_2_00526843
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051A8490_2_0051A849
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A18680_2_004A1868
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052987C0_2_0052987C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049B87F0_2_0049B87F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FA80D0_2_004FA80D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049F80A0_2_0049F80A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052481C0_2_0052481C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F681E0_2_004F681E
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F881A0_2_004F881A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FF8180_2_004FF818
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047181D0_2_0047181D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047C81C0_2_0047C81C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048983A0_2_0048983A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0041D83C0_2_0041D83C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004138C00_2_004138C0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BE8C80_2_004BE8C8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B28DA0_2_004B28DA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004438D00_2_004438D0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005D08CA0_2_005D08CA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004ED8D60_2_004ED8D6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FB8E80_2_004FB8E8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004AC8E20_2_004AC8E2
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BF8E30_2_004BF8E3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E68E50_2_004E68E5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0042B8F60_2_0042B8F6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D58F50_2_004D58F5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D98F50_2_004D98F5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004AB8F10_2_004AB8F1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049A8F40_2_0049A8F4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F488C0_2_004F488C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B68860_2_004B6886
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049489F0_2_0049489F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047389F0_2_0047389F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005058B10_2_005058B1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0042C8A00_2_0042C8A0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E48AA0_2_004E48AA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004888AE0_2_004888AE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004768AE0_2_004768AE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004488B00_2_004488B0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004968B00_2_004968B0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004CD8B70_2_004CD8B7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D08B30_2_004D08B3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F094B0_2_004F094B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049E9560_2_0049E956
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0042E9600_2_0042E960
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FC96D0_2_004FC96D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004939630_2_00493963
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050A9670_2_0050A967
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004159000_2_00415900
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005119010_2_00511901
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004369100_2_00436910
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051590F0_2_0051590F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0054D9360_2_0054D936
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004AA9320_2_004AA932
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051B92F0_2_0051B92F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F39CC0_2_004F39CC
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004DB9C70_2_004DB9C7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005C69CC0_2_005C69CC
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BB9D60_2_004BB9D6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051D9CE0_2_0051D9CE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004959E80_2_004959E8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005049F30_2_005049F3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004509E00_2_004509E0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0043C9EB0_2_0043C9EB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E49FE0_2_004E49FE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B59FA0_2_004B59FA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A49F70_2_004A49F7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048D9890_2_0048D989
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004DE9910_2_004DE991
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005129B70_2_005129B7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004899A50_2_004899A5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004339B90_2_004339B9
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E9A4D0_2_004E9A4D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044CA400_2_0044CA40
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044DA4D0_2_0044DA4D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00445A4F0_2_00445A4F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052FA400_2_0052FA40
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00488A550_2_00488A55
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C9A510_2_004C9A51
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00500A4D0_2_00500A4D
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004EAA660_2_004EAA66
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048AA620_2_0048AA62
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E6A640_2_004E6A64
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C8A670_2_004C8A67
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004ADA660_2_004ADA66
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00473A030_2_00473A03
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A5A190_2_004A5A19
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00521A040_2_00521A04
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B0A120_2_004B0A12
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B7A110_2_004B7A11
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D8A100_2_004D8A10
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00516A0F0_2_00516A0F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044FA200_2_0044FA20
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D4A210_2_004D4A21
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00485A250_2_00485A25
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050BA290_2_0050BA29
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00478AC40_2_00478AC4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004CAACA0_2_004CAACA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D7AC40_2_004D7AC4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00429AD00_2_00429AD0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047EAD10_2_0047EAD1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00523AC40_2_00523AC4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B3AEB0_2_004B3AEB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004EEAE20_2_004EEAE2
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00532AFC0_2_00532AFC
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D6AFE0_2_004D6AFE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047BAF00_2_0047BAF0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A2AF10_2_004A2AF1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052AAED0_2_0052AAED
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00518A910_2_00518A91
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00449A800_2_00449A80
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00498A8C0_2_00498A8C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A3AAF0_2_004A3AAF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050CAB70_2_0050CAB7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C6AA50_2_004C6AA5
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00468AA90_2_00468AA9
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C5ABF0_2_004C5ABF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00502AA40_2_00502AA4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00528AA80_2_00528AA8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00438ABC0_2_00438ABC
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00531AAC0_2_00531AAC
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0041AB400_2_0041AB40
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00486B450_2_00486B45
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FFB580_2_004FFB58
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00475B5A0_2_00475B5A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00470B7B0_2_00470B7B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048BB0C0_2_0048BB0C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044FB100_2_0044FB10
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048DB1E0_2_0048DB1E
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00510B090_2_00510B09
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00493B100_2_00493B10
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FEB160_2_004FEB16
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051CB330_2_0051CB33
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00508B290_2_00508B29
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00480BC80_2_00480BC8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F3BCE0_2_004F3BCE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B8BCF0_2_004B8BCF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0052CBDA0_2_0052CBDA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00496BC30_2_00496BC3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C0BDB0_2_004C0BDB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0051ABF10_2_0051ABF1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B2BE20_2_004B2BE2
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BCBE20_2_004BCBE2
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0042EB800_2_0042EB80
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050CB810_2_0050CB81
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00414BA00_2_00414BA0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00498BA80_2_00498BA8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E1BAA0_2_004E1BAA
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00530BB60_2_00530BB6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00497BA60_2_00497BA6
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004BABBB0_2_004BABBB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004AEBB30_2_004AEBB3
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B1BB70_2_004B1BB7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00479BB80_2_00479BB8
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E3BB10_2_004E3BB1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048FC4A0_2_0048FC4A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F4C400_2_004F4C40
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00514C480_2_00514C48
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004ECC500_2_004ECC50
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004C1C6F0_2_004C1C6F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E8C7F0_2_004E8C7F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004E2C740_2_004E2C74
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004ABC080_2_004ABC08
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D0C090_2_004D0C09
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00443C100_2_00443C10
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049FC1E0_2_0049FC1E
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004FCCC90_2_004FCCC9
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0047ACCD0_2_0047ACCD
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00487CDF0_2_00487CDF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00494CD10_2_00494CD1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00495CD40_2_00495CD4
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004CDCEB0_2_004CDCEB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004DECE70_2_004DECE7
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00441CF00_2_00441CF0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00524CEC0_2_00524CEC
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004ACC8A0_2_004ACC8A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B3C8A0_2_004B3C8A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0049DC8F0_2_0049DC8F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A1C850_2_004A1C85
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048AC9B0_2_0048AC9B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00424CA00_2_00424CA0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A7CAF0_2_004A7CAF
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004EECAB0_2_004EECAB
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00481CA00_2_00481CA0
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0050DCA20_2_0050DCA2
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_005D3D5C0_2_005D3D5C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004A8D410_2_004A8D41
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00491D470_2_00491D47
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0043CD4C0_2_0043CD4C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0043CD5E0_2_0043CD5E
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0048CD790_2_0048CD79
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_0044FD700_2_0044FD70
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00505D660_2_00505D66
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00483D760_2_00483D76
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_00431D000_2_00431D00
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004B4D0F0_2_004B4D0F
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004EBD0B0_2_004EBD0B
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004F9D090_2_004F9D09
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeCode function: 0_2_004D6D050_2_004D6D05
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe, Code function: String function: 00417F60 appears 40 times
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe, Code function: String function: 00424C90 appears 77 times
    Source: 2S6U7zz1Jg.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 2S6U7zz1Jg.exe, Static PE information: Section: ZLIB complexity 0.9995595894607843
    Source: 2S6U7zz1Jg.exe, Static PE information: Section: qpjbghvm ZLIB complexity 0.9946745181511976
    Source: classification engine, Classification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe, Code function: 0_2_00442070 CoCreateInstance, 0_2_00442070
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: 2S6U7zz1Jg.exe, Virustotal: Detection: 56%
    Source: 2S6U7zz1Jg.exe, ReversingLabs: Detection: 57%
    Source: 2S6U7zz1Jg.exe, String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe, File read: C:\Users\user\Desktop\2S6U7zz1Jg.exe
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Section loaded: dpapi.dll
    Source: 2S6U7zz1Jg.exe | Static file information: File size 1882624 > 1048576
    Source: 2S6U7zz1Jg.exe | Static PE information: Raw size of qpjbghvm is bigger than: 0x100000 < 0x1a1800

    Data Obfuscation

    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Unpacked PE file: 0.2.2S6U7zz1Jg.exe.410000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qpjbghvm:EW;rdmjfxun:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qpjbghvm:EW;rdmjfxun:EW;.taggant:EW;
    Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
    Source: 2S6U7zz1Jg.exe | Static PE information: real checksum: 0x1d857c should be: 0x1d8a34
    Source: 2S6U7zz1Jg.exe | Static PE information: section name:
    Source: 2S6U7zz1Jg.exe | Static PE information: section name: .idata
    Source: 2S6U7zz1Jg.exe | Static PE information: section name:
    Source: 2S6U7zz1Jg.exe | Static PE information: section name: qpjbghvm
    Source: 2S6U7zz1Jg.exe | Static PE information: section name: rdmjfxun
    Source: 2S6U7zz1Jg.exe | Static PE information: section name: .taggant
    Source: 2S6U7zz1Jg.exe | Static PE information: section name: entropy: 7.979538958155043
    Source: 2S6U7zz1Jg.exe | Static PE information: section name: qpjbghvm entropy: 7.953203720827928

    Boot Survival

    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Window searched: window name: RegmonClass
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | Window searched: window name: Regmonclass

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 61FB14 second address: 61FB18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 622BD8 second address: 622BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 621D62 second address: 621D70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 621D70 second address: 621D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 623BB0 second address: 623C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+1246170Bh], eax 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FDE98DE3508h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007FDE98DE3508h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 sub ebx, 5707ABB2h 0x0000004c xchg eax, esi 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 622DA8 second address: 622DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 626D74 second address: 626D90 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FDE98DE3511h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 626D90 second address: 626D96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 626D96 second address: 626D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 629B2A second address: 629B2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 629B2F second address: 629B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 62AB1D second address: 62AB21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 62AB21 second address: 62AB27 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 62AB27 second address: 62AB3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDE99127C93h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 629D68 second address: 629D6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 627E2A second address: 627E51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE99127C90h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d jmp 00007FDE99127C8Eh 0x00000012 pop esi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 629D6D second address: 629D81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDE98DE3510h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 627E51 second address: 627E5B instructions: 0x00000000 rdtsc 0x00000002 js 00007FDE99127C8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 62AD6F second address: 62AD80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 627E5B second address: 627ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edi, dword ptr [ebp+1244D14Dh] 0x0000000d push dword ptr fs:[00000000h] 0x00000014 mov edi, dword ptr [ebp+122D36BEh] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push edi 0x00000024 call 00007FDE99127C88h 0x00000029 pop edi 0x0000002a mov dword ptr [esp+04h], edi 0x0000002e add dword ptr [esp+04h], 0000001Dh 0x00000036 inc edi 0x00000037 push edi 0x00000038 ret 0x00000039 pop edi 0x0000003a ret 0x0000003b movsx edi, cx 0x0000003e mov eax, dword ptr [ebp+122D05A9h] 0x00000044 pushad 0x00000045 popad 0x00000046 mov ebx, dword ptr [ebp+122D383Ah] 0x0000004c push FFFFFFFFh 0x0000004e or bx, 5CFCh 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007FDE99127C90h 0x0000005d rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 627ECE second address: 627ED4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5D534E second address: 5D5352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 62DFA9 second address: 62DFB3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDE98DE3506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 62FED7 second address: 62FEFB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FDE99127C94h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007FDE99127C86h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 634382 second address: 634388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 634388 second address: 634398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FDE99127C88h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 634398 second address: 6343B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDE98DE3511h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6343B3 second address: 6343B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5CCDD3 second address: 5CCDD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5CCDD7 second address: 5CCDDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5CCDDD second address: 5CCE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FDE98DE350Fh 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop ecx 0x0000000f popad 0x00000010 jng 00007FDE98DE352Ch 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5CCE00 second address: 5CCE1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDE99127C98h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6389B6 second address: 6389BC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6389BC second address: 6389C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FDE99127C86h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6389C7 second address: 6389CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64187E second address: 641882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 641882 second address: 6418C9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDE98DE3506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 jmp 00007FDE98DE3513h 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push ecx 0x0000001b jmp 00007FDE98DE3511h 0x00000020 pop ecx 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 jnp 00007FDE98DE3508h 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6418C9 second address: 6418EE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDE99127C88h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FDE99127C93h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6418EE second address: 6418F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 641AE9 second address: 641AF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FDE99127C86h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5C7DF3 second address: 5C7DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 645F2B second address: 645F45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FDE99127C93h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64609A second address: 6460CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FDE98DE3506h 0x0000000a jc 00007FDE98DE3528h 0x00000010 jmp 00007FDE98DE3518h 0x00000015 jmp 00007FDE98DE350Ah 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6460CC second address: 6460D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6460D4 second address: 6460D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6460D8 second address: 6460DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 646398 second address: 6463D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE98DE3516h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FDE98DE3519h 0x0000000f pop eax 0x00000010 push edi 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64657E second address: 646582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64FC1F second address: 64FC25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64FC25 second address: 64FC53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE99127C94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edi 0x00000010 jmp 00007FDE99127C8Fh 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64FC53 second address: 64FC5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FDE98DE3506h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64FC5D second address: 64FC70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE99127C8Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 5DD9EA second address: 5DD9F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64E8DE second address: 64E8EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FDE99127C86h 0x0000000a jne 00007FDE99127C86h 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64EA50 second address: 64EA54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64EA54 second address: 64EA64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FDE99127C86h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64EA64 second address: 64EA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64ED03 second address: 64ED08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64EE31 second address: 64EE54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE98DE350Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007FDE98DE3506h 0x00000012 jl 00007FDE98DE3506h 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64EF93 second address: 64EF99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64EF99 second address: 64EF9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64F0C3 second address: 64F0E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDE99127C92h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FDE99127C86h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64F0E2 second address: 64F107 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FDE98DE3506h 0x0000000e jmp 00007FDE98DE3517h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64F3C5 second address: 64F3E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FDE99127C9Fh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64F69E second address: 64F6A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64F6A9 second address: 64F6AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64F6AD second address: 64F6B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64E532 second address: 64E536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 64E536 second address: 64E53A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6581FC second address: 658204 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 658204 second address: 65822E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDE98DE350Ch 0x00000008 je 00007FDE98DE3506h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FDE98DE3514h 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65822E second address: 658255 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FDE99127C8Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FDE99127C92h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 656E54 second address: 656E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 656E5C second address: 656E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDE99127C86h 0x0000000a jmp 00007FDE99127C99h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007FDE99127C86h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65717A second address: 657180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 657180 second address: 657184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 657184 second address: 6571A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDE98DE3516h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65747C second address: 657486 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FDE99127C8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 657BCF second address: 657BD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65D472 second address: 65D476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65D476 second address: 65D47A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65D47A second address: 65D483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65D483 second address: 65D488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 65D488 second address: 65D495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 615374 second address: 5FD066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b jne 00007FDE98DE3506h 0x00000011 pop eax 0x00000012 jne 00007FDE98DE3508h 0x00000018 popad 0x00000019 nop 0x0000001a jnl 00007FDE98DE350Ch 0x00000020 mov edx, dword ptr [ebp+122D1CE3h] 0x00000026 call dword ptr [ebp+122DB50Ch] 0x0000002c pushad 0x0000002d pushad 0x0000002e pushad 0x0000002f popad 0x00000030 jmp 00007FDE98DE350Fh 0x00000035 push ebx 0x00000036 pop ebx 0x00000037 popad 0x00000038 jne 00007FDE98DE3512h 0x0000003e popad 0x0000003f push edx 0x00000040 jne 00007FDE98DE350Ah 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6157EB second address: 6157EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6157EF second address: 6157F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 615882 second address: 61589D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDE99127C97h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6C3481 second address: 6C3499 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE99127C91h 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6C5211 second address: 6C521E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007FDE98DE350Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6CDF2F second address: 6CDF41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FDE99127C8Eh 0x0000000a jnl 00007FDE99127C86h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6CDDDA second address: 6CDDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6CDDE2 second address: 6CDDE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6CDDE8 second address: 6CDDEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6D35B6 second address: 6D35BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6D35BA second address: 6D35CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FDE98DE350Ah 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6E337A second address: 6E339F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDE99127C99h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6E339F second address: 6E33A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6E33A5 second address: 6E33AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6E5EA7 second address: 6E5EEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE98DE3518h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007FDE98DE3517h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007FDE98DE350Eh 0x0000001b jc 00007FDE98DE3506h 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6E5EEF second address: 6E5EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FB38B second address: 6FB399 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE98DE350Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FB399 second address: 6FB3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FDE99127C8Fh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FB3B2 second address: 6FB3CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FDE98DE3510h 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FB3CD second address: 6FB3D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FB3D6 second address: 6FB3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FB3DA second address: 6FB3F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE99127C96h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FC07E second address: 6FC082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FC082 second address: 6FC092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FDE99127C86h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FC1E4 second address: 6FC203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE98DE3519h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 6FDC63 second address: 6FDC6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 7005A9 second address: 7005AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 700859 second address: 70085D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 70085D second address: 70086A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 70086A second address: 7008C4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDE99127C97h 0x0000000b popad 0x0000000c nop 0x0000000d mov edx, dword ptr [ebp+122D1A4Bh] 0x00000013 push 00000004h 0x00000015 mov edx, 52E309F5h 0x0000001a call 00007FDE99127C89h 0x0000001f jmp 00007FDE99127C90h 0x00000024 push eax 0x00000025 je 00007FDE99127C8Ah 0x0000002b push ecx 0x0000002c push edi 0x0000002d pop edi 0x0000002e pop ecx 0x0000002f mov eax, dword ptr [esp+04h] 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 7008C4 second address: 7008DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDE98DE3513h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 7008DB second address: 7008E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 7008E1 second address: 7008EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 700B0E second address: 700B12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exeRDTSC instruction interceptor: First address: 700B12 second address: 700B2C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDE98DE350Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c je 00007FDE98DE350Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Special instruction interceptor: First address: 468A1E instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Special instruction interceptor: First address: 46894F instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Special instruction interceptor: First address: 60C4EA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Special instruction interceptor: First address: 697471 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Code function: 0_2_00468F0A rdtsc 0_2_00468F0A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe TID: 7584 Thread sleep time: -60000s >= -30000s
    Source: 2S6U7zz1Jg.exe, 2S6U7zz1Jg.exe, 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: 2S6U7zz1Jg.exe, 00000000.00000002.1730401061.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720710484.00000000010CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWv)
    Source: 2S6U7zz1Jg.exe, 00000000.00000002.1730401061.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720710484.00000000010CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: 2S6U7zz1Jg.exe, 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: 2S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001088000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@C
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe System information queried: ModuleInformation
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe File opened: NTICE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe File opened: SICE
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe File opened: SIWVID
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Code function: 0_2_00468F0A rdtsc 0_2_00468F0A
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Code function: 0_2_0044E110 LdrInitializeThunk,0_2_0044E110

    HIPS / PFW / Operating System Protection Evasion

    Source: 2S6U7zz1Jg.exe, 2S6U7zz1Jg.exe, 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: {QProgram Manager
    Source: C:\Users\user\Desktop\2S6U7zz1Jg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | Source | Detection | Scanner | Label |
    |---|---|---|---|
    | 2S6U7zz1Jg.exe | 56% | Virustotal | |
    | 2S6U7zz1Jg.exe | 58% | ReversingLabs | Win32.Trojan.Amadey |
    | 2S6U7zz1Jg.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
    | 2S6U7zz1Jg.exe | 100% | Joe Sandbox ML | |

    No Antivirus matches
                                                                                                                high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://steamcommunity.com/workshop/2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://login.steampowered.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb2S6U7zz1Jg.exe, 00000000.00000003.1720848542.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_c2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=12S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001098000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&2S6U7zz1Jg.exe, 00000000.00000003.1720848542.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000002.1730483984.00000000010F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://steamcommunity.com/profiles/76561199724331900p2S6U7zz1Jg.exe, 00000000.00000002.1730361370.00000000010A2000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://store.steampowered.com/legal/2S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001098000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://community.fastly.steamstatic.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=engli2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://steam.tv/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=en2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=eng2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://store.steampowered.com/privacy_agreement/2S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001098000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://store.steampowered.com/points/shop/2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://recaptcha.net2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://steamcommunity.com2S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001098000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://sketchfab.com2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://lv.queniujq.cn2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.youtube.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://127.0.0.1:270602S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/privacy_agreement/2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&am2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/recaptcha/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://checkout.steampowered.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://help.steampowered.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://api.steampowered.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://store.steampowered.com/points/shop2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://store.steampowered.com/account/cookiepreferences/2S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001098000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://steamcommunity.com/profiles/76561199724331900=2S6U7zz1Jg.exe, 00000000.00000002.1730196660.0000000001088000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://store.steampowered.com/mobile2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn812S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://store.steampowered.com/;2S6U7zz1Jg.exe, 00000000.00000003.1720848542.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000002.1730483984.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720848542.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://steamcommunity.com/((hb2S6U7zz1Jg.exe, 00000000.00000003.1720710484.00000000010B9000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000003.1720359869.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 2S6U7zz1Jg.exe, 00000000.00000002.1730401061.00000000010BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://store.steampowered.com/about/2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;l2S6U7zz1Jg.exe, 00000000.00000003.1720319418.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1581609
Start date and time:2024-12-28 09:51:58 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:2S6U7zz1Jg.exe
renamed because original name is a hash value
Original Sample Name:7a4aeef83782b9985e994fd8665729da.exe
Detection:MAL
Classification:mal100.troj.evad.winEXE@1/0@10/1
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
03:52:50 | API Interceptor | 3x Sleep call for process: 2S6U7zz1Jg.exe modified
                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                        No created / dropped files found
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Entropy (8bit):7.947154788306708
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:2S6U7zz1Jg.exe
                                                                                                                                                                                                                        File size:1'882'624 bytes
                                                                                                                                                                                                                        MD5:7a4aeef83782b9985e994fd8665729da
                                                                                                                                                                                                                        SHA1:061a6da74fdd47a230d58ee149e874099c21ab42
                                                                                                                                                                                                                        SHA256:8a1e5a4184e1718fc7ea124a14436b95da5134d3b8ab03bc77a37091143b7aab
                                                                                                                                                                                                                        SHA512:660b1e4cf7e24bbf794d1105bc769ed799e2d1cf78d14b138ec3cafc94f4117db85a7e833307f12eb37a608d04e953279acd8d0b02836e826aad2d84e1032769
                                                                                                                                                                                                                        SSDEEP:49152:txV+QX+Jcjyrj3ZNr0aANQxQ1IKZ98KQyzsD0/:tOvJuyrPPxlK78KQEP/
                                                                                                                                                                                                                        TLSH:5F95333422E17548DE67917B39D1A53A6CD4A32DC68B18D6B7C8F63F2C47E34E2906C8
                                                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................J...........@..........................0J.....|.....@.................................Y@..m..
                                                                                                                                                                                                                        Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                        Entrypoint:0x8a0000
                                                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add dword ptr [eax], eax
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [esi], al
                                                                                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax+eax*4], cl
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        pop es
                                                                                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | 0x1000 | 0x52000 | 0x26400 | 53d6c5895f4b5d46ac446264d99c3b61 | False | 0.9995595894607843 | data | 7.979538958155043 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x2a8000 | 0x200 | 1526ca669987a9b1d8d7f89dd7677732 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| qpjbghvm | 0x2fd000 | 0x1a2000 | 0x1a1800 | 1c53c129d29535d5c077ba04e7cd81f3 | False | 0.9946745181511976 | data | 7.953203720827928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| rdmjfxun | 0x49f000 | 0x1000 | 0x600 | 2a46b8367159a6863731b16f14e24d4a | False | 0.5846354166666666 | data | 5.062145546459791 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x4a0000 | 0x3000 | 0x2200 | 6a3da2a0dc904609e5dc26f202e64386 | False | 0.06721047794117647 | DOS executable (COM) | 0.8032581758066283 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |
| DLL | Import |
| --- | --- |
| kernel32.dll | lstrcpy |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-12-28T09:52:50.382098+0100 | 2058582 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) | 1 | 192.168.2.4 | 59765 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:50.581148+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.4 | 55541 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:50.731439+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.4 | 55204 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:50.893466+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.4 | 60959 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:51.035561+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.4 | 62239 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:51.206479+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.4 | 53448 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:51.354579+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.4 | 64418 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:51.498490+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.4 | 59714 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:51.641742+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.4 | 54565 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:52:53.415874+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T09:52:54.169049+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 09:52:50.382097960 CET | 192.168.2.4 | 1.1.1.1 | 0x1c29 | Standard query (0) | mindhandru.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:50.581147909 CET | 192.168.2.4 | 1.1.1.1 | 0xa537 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:50.731439114 CET | 192.168.2.4 | 1.1.1.1 | 0xcfb5 | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:50.893465996 CET | 192.168.2.4 | 1.1.1.1 | 0x8de0 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.035561085 CET | 192.168.2.4 | 1.1.1.1 | 0x6ad6 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.206479073 CET | 192.168.2.4 | 1.1.1.1 | 0x116f | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.354578972 CET | 192.168.2.4 | 1.1.1.1 | 0xf623 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.498490095 CET | 192.168.2.4 | 1.1.1.1 | 0x2b29 | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.641741991 CET | 192.168.2.4 | 1.1.1.1 | 0x3cbe | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.791614056 CET | 192.168.2.4 | 1.1.1.1 | 0xcb6b | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 09:52:50.522620916 CET | 1.1.1.1 | 192.168.2.4 | 0x1c29 | Name error (3) | mindhandru.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:50.721328020 CET | 1.1.1.1 | 192.168.2.4 | 0xa537 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:50.871705055 CET | 1.1.1.1 | 192.168.2.4 | 0xcfb5 | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.033685923 CET | 1.1.1.1 | 192.168.2.4 | 0x8de0 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.175188065 CET | 1.1.1.1 | 192.168.2.4 | 0x6ad6 | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.347404003 CET | 1.1.1.1 | 192.168.2.4 | 0x116f | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.495064974 CET | 1.1.1.1 | 192.168.2.4 | 0xf623 | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.638757944 CET | 1.1.1.1 | 192.168.2.4 | 0x2b29 | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.787548065 CET | 1.1.1.1 | 192.168.2.4 | 0x3cbe | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:52:51.932765961 CET | 1.1.1.1 | 192.168.2.4 | 0xcb6b | No error (0) | steamcommunity.com |  | 23.55.153.106 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | 7456 | C:\Users\user\Desktop\2S6U7zz1Jg.exe
Timestamp: 2024-12-28 08:52:53 UTC
Bytes transferred: 219
Direction: OUT
Data:
GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Timestamp: 2024-12-28 08:52:54 UTC
Bytes transferred: 1905
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sat, 28 Dec 2024 08:52:53 GMT
Content-Length: 25665
Connection: close
Set-Cookie: sessionid=5a86ccbb4ea124c0c787c7b1; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None

Timestamp: 2024-12-28 08:52:54 UTC
Bytes transferred: 14479
Direction: IN
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 08:52:54 UTC 10097 IN
                                                                                                                                                                                                                        Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-28 08:52:54 UTC 1089 IN
                                                                                                                                                                                                                        Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>



                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:03:52:47
                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\2S6U7zz1Jg.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\2S6U7zz1Jg.exe"
                                                                                                                                                                                                                        Imagebase:0x410000
                                                                                                                                                                                                                        File size:1'882'624 bytes
                                                                                                                                                                                                                        MD5 hash:7A4AEEF83782B9985E994FD8665729DA
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:0.7%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:26.6%
                                                                                                                                                                                                                          Total number of Nodes:64
                                                                                                                                                                                                                          Total number of Limit Nodes:4

Control-flow Graph (first block 41b100-41b18b; graph not preserved)
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                          • API String ID: 0-620192811
                                                                                                                                                                                                                          • Opcode ID: 2363ea918c37521965d72ff7b5de7dbbed269ae78acc5763d014fca6f90d2488
                                                                                                                                                                                                                          • Instruction ID: 9ed775963ef2f5c195cd9aa61aa003a764845254ff28142f101fb88ce8286ed2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2363ea918c37521965d72ff7b5de7dbbed269ae78acc5763d014fca6f90d2488
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 160266B0200B01DFD324CF25D891BABBBE1FB45315F108A2DE5AA8BAA1D734E455CF95

Control-flow Graph (first block 418600-418611; graph not preserved)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00418A4B
                                                                                                                                                                                                                            • Part of subcall function 0041B7B0: FreeLibrary.KERNEL32(00418A31), ref: 0041B7B6
                                                                                                                                                                                                                            • Part of subcall function 0041B7B0: FreeLibrary.KERNEL32 ref: 0041B7D7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                                          • String ID: b]u)$}$}
                                                                                                                                                                                                                          • API String ID: 1614911148-2900034282
                                                                                                                                                                                                                          • Opcode ID: 62cbef87c4d17d7a6ead6d7b126f82f4002a977e68fc1613de3bdedbed232b4b
                                                                                                                                                                                                                          • Instruction ID: 5dfaedc1586182387827cf14cc1851ff5a98fcbc05fc8443286514c11cfce68a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62cbef87c4d17d7a6ead6d7b126f82f4002a977e68fc1613de3bdedbed232b4b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAC1F673A187144BC718DF69C84125AF7D6ABC8714F0EC52EA898EB391EA74DC058BC6

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 170 44e110-44e142 LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LdrInitializeThunk.NTDLL(0045148A,?,00000018,?,?,00000018,?,?,?), ref: 0044E13E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 172 451720-451741 173 451750-45176b 172->173 173->173 174 45176d-451779 173->174 175 4517e0-4517e5 174->175 176 45177b-451785 174->176 178 451879-45187b 175->178 179 4517eb-4517ff 175->179 177 451790-451797 176->177 180 4517ad-4517b5 177->180 181 451799-4517a7 177->181 182 45188d-451894 178->182 183 45187d-451884 178->183 184 451800-45181b 179->184 180->175 186 4517b7-4517d8 call 44e110 180->186 181->177 185 4517a9-4517ab 181->185 187 451886 183->187 188 45188a 183->188 184->184 189 45181d-451828 184->189 185->175 194 4517dd 186->194 187->188 188->182 191 451871-451873 189->191 192 45182a-451832 189->192 191->178 193 451875 191->193 195 451840-451847 192->195 193->178 194->175 196 451850-451856 195->196 197 451849-45184c 195->197 196->191 198 451858-45186e call 44e110 196->198 197->195 199 45184e 197->199 198->191 199->191
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID: =<32
                                                                                                                                                                                                                          • API String ID: 2994545307-852023076
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 109 419d1e-419d34 110 419d40-419d52 109->110 110->110 111 419d54-419d7e 110->111 112 419d80-419d92 111->112 112->112 113 419d94-419e13 LoadLibraryExW call 44d960 112->113 116 419e20-419e32 113->116 116->116 117 419e34-419e5e 116->117 118 419e60-419e72 117->118 118->118 119 419e74-419e80 LoadLibraryExW call 44d960 118->119 121 419e85-419e98 119->121
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000), ref: 00419D98
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000), ref: 00419E78
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                          • String ID: CKJ
                                                                                                                                                                                                                          • API String ID: 1029625771-135910603
                                                                                                                                                                                                                          • Opcode ID: 0c7345be4ef32b1a9f8d02ed69fbdccc52cbd2e1dda3e53d6594f0c8c1919834
                                                                                                                                                                                                                          • Instruction ID: c01c2e8165d5f17d1733c08311fae84d93d80004373d7eca716a439690637fec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c7345be4ef32b1a9f8d02ed69fbdccc52cbd2e1dda3e53d6594f0c8c1919834
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 194101B4D003009FE7149F7899D2A9A7F71EB06324F50429DE4902F3A6C635980ACBE6

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 149 44e0a0-44e0b1 150 44e0d4-44e0e6 call 44f990 RtlReAllocateHeap 149->150 151 44e0c6-44e0cd 149->151 152 44e0c0 149->152 153 44e0f3-44e0f4 call 44c570 149->153 154 44e0e8-44e0f1 call 44c540 149->154 161 44e0fe-44e100 150->161 151->150 151->153 152->151 160 44e0f9-44e0fc 153->160 154->161 160->161
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0044E0E0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                          • Opcode ID: 8fec249892214e152385df9c32da20626dbcbbb919b991c4a085ce832a49a312
                                                                                                                                                                                                                          • Instruction ID: c7921f1c63134e9294fda6a40b9484d048c91f9473487158e54bef85016670ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fec249892214e152385df9c32da20626dbcbbb919b991c4a085ce832a49a312
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1F0EC71425231FBD3502F35BD05A5B3664EFC3715F05043AF40456111DB78DC16859E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 162 419eb7-419ef7 call 44fe00 WSAStartup
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 00419ED2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Startup
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 724789610-0
                                                                                                                                                                                                                          • Opcode ID: f9470f130f099acad88730ac6a15b6cfabdc89951e27fdc899e807f771839efd
                                                                                                                                                                                                                          • Instruction ID: 2372001b15fd9a71a3fb9d3f4712e545df997cc50d5b5235453d6a8edad43aa9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9470f130f099acad88730ac6a15b6cfabdc89951e27fdc899e807f771839efd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0EE02B336407029BE700DB30FC57E6D3356DB153477068439E609C1173EA72D420DA14

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 165 44c570-44c57c 166 44c585-44c597 call 44f990 RtlFreeHeap 165->166 167 44c583-44c584 165->167
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000,?,0044E0F9), ref: 0044C590
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                                          • Opcode ID: c18cbac5100bfa23647ee91dc721850119d11de9fb9f6654f4238296085157ab
                                                                                                                                                                                                                          • Instruction ID: f9dbc1b18431652489179445582de2ccd2f7101871e2ea326598a786afb33988
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c18cbac5100bfa23647ee91dc721850119d11de9fb9f6654f4238296085157ab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADD01231415632FBC6102F28FC05BC73B54DF49321F0708A1F4046A175D7A5EC91CAD9

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 171 44c55c-44c568 RtlAllocateHeap
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 0044C561
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                          • Opcode ID: d8face5ef2adf1a7a426c42787f3f20e3342b46c344b045d1c2654360c344b8b
                                                                                                                                                                                                                          • Instruction ID: c8256a21e097a5dac2616e63e8de35cafcb29c63b32ce82e3490f9c4e90221e9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8face5ef2adf1a7a426c42787f3f20e3342b46c344b045d1c2654360c344b8b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22A00171185510AADA562B24FD09B847A21AB58621F1241A1E102590F696A1D8929A89
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 0046A3EE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                          • Opcode ID: ad9a46410c4fc598e413cde7374f89cfc4bdd93f74b7510bab614476c9e22374
                                                                                                                                                                                                                          • Instruction ID: d0fe8afa640f6038954dcb57289c16e8236c160704925fbbb12af71410857c66
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad9a46410c4fc598e413cde7374f89cfc4bdd93f74b7510bab614476c9e22374
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05118BB050C304AFD704AF28C88062EF7E4EF54B20F158A2CEAE983790E6356C10CB5B
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 00469EF4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                          • Opcode ID: 0ce6c391259ea5a1473901ca9477e88eaa055d506b435f0fde07671954a59b29
                                                                                                                                                                                                                          • Instruction ID: 3b45d9092e331a69ebdc87bdc399811bb327ae5f8371d0eaaa6b63912a97a541
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ce6c391259ea5a1473901ca9477e88eaa055d506b435f0fde07671954a59b29
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CF0E57240C205DBD7016F24C8483AEB7A1FF90320F36462EE98283680E6BA9C11CA4B
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004343AA
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0043443E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                          • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$REC$Xs$bFC$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                          • API String ID: 237503144-1052345360
                                                                                                                                                                                                                          • Opcode ID: d7dcee8e77508af5e26caa2fc83c58b39f0e481119e0bda9defebebd9c6243aa
                                                                                                                                                                                                                          • Instruction ID: fbe5e1f42109798044ebf0376d368fa0fd2905cce181ed00f8dd7bc0e4eef4a8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7dcee8e77508af5e26caa2fc83c58b39f0e481119e0bda9defebebd9c6243aa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2C20CB560C3848AD334CF14D4527DFBAF2FB82304F00892DD5E96B255D7B5864A8B9B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$REC$Xs$bFC$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                          • API String ID: 0-2747805355
                                                                                                                                                                                                                          • Opcode ID: e442a144f08e8d0d44ad257234a7938cf9c205e2aeb2f7288498f2f183a2fb74
                                                                                                                                                                                                                          • Instruction ID: 4591f4d457e661d58cc67d8c294c9815d4fd5e899d9d64839fdb89f283968d22
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e442a144f08e8d0d44ad257234a7938cf9c205e2aeb2f7288498f2f183a2fb74
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7C21DB560C3848AD334CF54D442BDFBAF2FB82304F00892DD5E96B256D7B586498B9B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                                                                          • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                                          • API String ID: 3341692771-1335595022
                                                                                                                                                                                                                          • Opcode ID: 22d06a1e3efb39a92570d2e439c791ad5caaae4ea95d41e922e83c9718dcccef
                                                                                                                                                                                                                          • Instruction ID: 9bfd18571762a29967bf83b2c88ac2ddd5e009b4442adfbb8ccf4858997fea33
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22d06a1e3efb39a92570d2e439c791ad5caaae4ea95d41e922e83c9718dcccef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD221376A183119BE310CF28C881B5BBBE2EFC5314F18892DE9D49B391D779D845CB86
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                          • API String ID: 0-2746398225
                                                                                                                                                                                                                          • Opcode ID: 83fa3d45cff9b6acabb0394871542275f2ff4971e494395af2f677e3c7e78ceb
                                                                                                                                                                                                                          • Instruction ID: 5e3097f53f3c7e5442dc21123c265d68ba5833df9fab212ba1714b6469e98ecb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83fa3d45cff9b6acabb0394871542275f2ff4971e494395af2f677e3c7e78ceb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E44226B26083608FC7248F24E8917ABB7E2BFD5314F5A853DD4D987356DB389806CB46
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                                          • API String ID: 0-4163809010
                                                                                                                                                                                                                          • Opcode ID: 9df5f0c2b6a1b2dd27a28bf007ebf2aae8a4065bb5fc229275a6edc9b130ec9b
                                                                                                                                                                                                                          • Instruction ID: 0441b8321e649d8be87d1614048de89ce78575f5cee3039123babad44dc0c563
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9df5f0c2b6a1b2dd27a28bf007ebf2aae8a4065bb5fc229275a6edc9b130ec9b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C52C17260C7908BC324DB39D4943AFBBE1AFD5324F594A2EE4D9C7391D63889428B47
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                          • API String ID: 0-3116432788
                                                                                                                                                                                                                          • Opcode ID: edb5a4892c8699a78b5cdcde40dda284db29b5b82189126b1262c73d9deddbba
                                                                                                                                                                                                                          • Instruction ID: b24a50d8e8c31c6cfb3e61c2d985562287042ba80d1496d76b6794328878968d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: edb5a4892c8699a78b5cdcde40dda284db29b5b82189126b1262c73d9deddbba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF8246716083618BC724CF28D8917ABB7E1FFC9324F598A6DE8D5973A5E7388801C746
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                                          • API String ID: 0-3116088196
                                                                                                                                                                                                                          • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                                          • Instruction ID: 8a124d81026fecfef107dd2f70597bc253aac4c4c4d4def2e86fc7a520239cfe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9C1267260C3D58BD322CF6994A039BFFD19FD6200F084AADE4E51B382D3698D46C796
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: "s]$&$_n$4Q?v$O!?v$eAWO
                                                                                                                                                                                                                          • API String ID: 0-3409241677
                                                                                                                                                                                                                          • Opcode ID: 424b9e388df0bb9846f84db5f1b0af28fe8cea97cb7fbc29fd26c07df89e0b0d
                                                                                                                                                                                                                          • Instruction ID: d61169b12a216a3050847557e636d5008b54278e81d5cf26442f9c4ac8def720
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 424b9e388df0bb9846f84db5f1b0af28fe8cea97cb7fbc29fd26c07df89e0b0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CB218F3A082049FE304AF2DEC8567ABBE9EFD4720F1A493DE6C4C7744E97558018696
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004384BD
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004385B4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                          • String ID: LF7Y$_^]\
                                                                                                                                                                                                                          • API String ID: 237503144-3688711800
                                                                                                                                                                                                                          • Opcode ID: 225b7cbb646f54da18a27636d89f954dc5ac613de43a0d7f8013867bda3c16fe
                                                                                                                                                                                                                          • Instruction ID: 5ab0aa17372019ba8d583bcf2a08bd2e9ab684cc9e83051e6ea1d1e9746ac301
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 225b7cbb646f54da18a27636d89f954dc5ac613de43a0d7f8013867bda3c16fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2220F71908341CFD3248F28E88072FBBE2AF89311F194A7DE999573A2D735D941CB5A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004384BD
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004385B4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                          • String ID: LF7Y$_^]\
                                                                                                                                                                                                                          • API String ID: 237503144-3688711800
                                                                                                                                                                                                                          • Opcode ID: 2a5fa122c7b88ef1708eca1af16ba027b90a98a5d9f01170c84aa35b7df8fe92
                                                                                                                                                                                                                          • Instruction ID: db0d22f27d9ebad1d5af8548dbe891baa64b32d920e6e53d201c13c82e634a2a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a5fa122c7b88ef1708eca1af16ba027b90a98a5d9f01170c84aa35b7df8fe92
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D512FF71908341CFD3248F28E88072BBBE2BF89315F194A7DE999573A2D734D941CB5A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                                          • API String ID: 0-1171452581
                                                                                                                                                                                                                          • Opcode ID: 5a50744f22604dee0b7b73718ff7e897621bced419f964e35a373418679094c3
                                                                                                                                                                                                                          • Instruction ID: 2680f1892a157c27be04b37b7b61fe9818c7dbc039866509e1bc9c37d82426eb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a50744f22604dee0b7b73718ff7e897621bced419f964e35a373418679094c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E9115716083009BD714DF24C892B67B3B0FF89758F14942DF8898B392E3B8E906C75A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                          • API String ID: 0-3257051659
                                                                                                                                                                                                                          • Opcode ID: 526f2dbd63e30c7fb6299e85698e6b0aa2030c2bad3bc333a4d70e58a724a843
                                                                                                                                                                                                                          • Instruction ID: 907f372ac06885e8786ca3b730d4bee1a097bbebb1ef32db9f930c59d8b88923
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 526f2dbd63e30c7fb6299e85698e6b0aa2030c2bad3bc333a4d70e58a724a843
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FA11672B153604BD314CF28D8517AFB7E2FBC4318F598A3ED885D7392DA3898468786
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 9deZ$eb$sp${s
                                                                                                                                                                                                                          • API String ID: 0-3993331145
                                                                                                                                                                                                                          • Opcode ID: 18b15283c13d61b83769a37ace64f9e9061fd85624d650575d03382805539098
                                                                                                                                                                                                                          • Instruction ID: 808ff07cc1cd58f591cd2ab1982cc1ea33063fb8e683f5c19dcdcd7d873cc953
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18b15283c13d61b83769a37ace64f9e9061fd85624d650575d03382805539098
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDD117B16183048BC728DF24C89266BB7F2FFD5354F08DA1DE4968B3A0E7789904C756
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 004391DA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                          • String ID: +Ku$wpq
                                                                                                                                                                                                                          • API String ID: 237503144-1953850642
                                                                                                                                                                                                                          • Opcode ID: 83b2d10c3457b9168bc7b55879e1173f7ab4a9eade041553bbfc799ca7f66d91
                                                                                                                                                                                                                          • Instruction ID: 646a872942b680d9dea7c5adffa4ce0fc7f1625010c1f06bde5ed7226e4f32f1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83b2d10c3457b9168bc7b55879e1173f7ab4a9eade041553bbfc799ca7f66d91
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E51BD7220C3118FC324CF29984076FB7E2EBC5310F15892EE5E9CB285DB74D50A8B92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00439170
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                          • String ID: M/($M/(
                                                                                                                                                                                                                          • API String ID: 237503144-1710806632
                                                                                                                                                                                                                          • Opcode ID: a69de773c0daff03b6f9627ed0da9ec799648ad6a33ae4cde17315f872c15529
                                                                                                                                                                                                                          • Instruction ID: c2fcad28a8fe34d7adf913e532958a4a74bdb57a26d9cd295a0d48876d37bc0c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a69de773c0daff03b6f9627ed0da9ec799648ad6a33ae4cde17315f872c15529
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B21237165C3515FE714CE34988179FB7AAEBC6700F01892CE0D1EB2C5D679880BC756
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ck?$gzQi${B_v
                                                                                                                                                                                                                          • API String ID: 0-2116789174
                                                                                                                                                                                                                          • Opcode ID: 9f9256078c5ee31b195895b7a8ee520cf76a5fcb8721877628a464311f135029
                                                                                                                                                                                                                          • Instruction ID: f5f8c582d25f2eed72cee772530d24999ded678a8f27d85818aab7070c5e3056
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f9256078c5ee31b195895b7a8ee520cf76a5fcb8721877628a464311f135029
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDB204F360C2009FD304AE2DEC8567AFBE9EF94720F1A493DEAC4C7744EA3558458696
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: AP_$_o}
                                                                                                                                                                                                                          • API String ID: 0-2807544811
                                                                                                                                                                                                                          • Opcode ID: dfec7097ac79ff00255820fa68090c9694945a9faa2ca3c051eebbe3a9bf60c2
                                                                                                                                                                                                                          • Instruction ID: 9477063e1a2313c94ae16243647e8246dd24b583139f01a9417249946af96177
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfec7097ac79ff00255820fa68090c9694945a9faa2ca3c051eebbe3a9bf60c2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAB21AF360C204AFE7046E2DEC8567ABBE9EF94720F16453DE6C4C3744EA3598058697
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                          • API String ID: 0-3117400391
                                                                                                                                                                                                                          • Opcode ID: b55c067826e9515e381710ce4fd0f38afc6bc1572210bab91c09307270d04066
                                                                                                                                                                                                                          • Instruction ID: 177b48a9d2cafd5ae42d62293f0337602a541f308a3f1b4e18e3543d84268431
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b55c067826e9515e381710ce4fd0f38afc6bc1572210bab91c09307270d04066
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56C11F7050C340DFD705DF28E84162BBBE2AF89311F088ABDF4D5432A2D339D9568B1A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: [V$bh
                                                                                                                                                                                                                          • API String ID: 0-2174178241
                                                                                                                                                                                                                          • Opcode ID: 2299407d3198a08be85f77e2e2197cdb1cfe9bce00e2d35cc9d405078ceab56e
                                                                                                                                                                                                                          • Instruction ID: 3e938d10bb64bb1cf732f5e069d2416b533a9ce496c76d8139e32d0392571f27
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2299407d3198a08be85f77e2e2197cdb1cfe9bce00e2d35cc9d405078ceab56e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3324AB1E01721CBCB24CF28C8916B7B7B1FF95310F58825DD8969B394E738A841C795
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: },$(tv
                                                                                                                                                                                                                          • API String ID: 0-880083802
                                                                                                                                                                                                                          • Opcode ID: ffee9826a6eb061a766af2ef7ab075f9a2ea87b0d019eb02917fc65ac49db0d8
                                                                                                                                                                                                                          • Instruction ID: 99539dd7b5b304ce0cef1870baf2380d352e6c65171c09ed1b10bb607382bc1d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ffee9826a6eb061a766af2ef7ab075f9a2ea87b0d019eb02917fc65ac49db0d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFE1E3F3E152158BF3508E29CC84366B696EBD4320F2BC53CDA8897BC8D97D9D068785
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: )$IEND
                                                                                                                                                                                                                          • API String ID: 0-707183367
                                                                                                                                                                                                                          • Opcode ID: 7ad9a7f6b138ff5b30c98ca513a9f37f236d452a2788fe27ed732fc54e350728
                                                                                                                                                                                                                          • Instruction ID: a4ed4fafb16ceda8dc097dfaa8a18fdc5744b2b8c89f238e044e378a4ade961a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ad9a7f6b138ff5b30c98ca513a9f37f236d452a2788fe27ed732fc54e350728
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99D1D3B16083449FD710CF14D841B9FBBE0AF95308F14452EF9999B381D379E949CB96
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: OrD$QRg<
                                                                                                                                                                                                                          • API String ID: 0-3466755953
                                                                                                                                                                                                                          • Opcode ID: 36d918d7f96bb0f444d2eaf695843a1fa974ff7ba2253d6452647fd9f21043e1
                                                                                                                                                                                                                          • Instruction ID: e84020c5b869382474ab3c45695b95e0b02660fbfcf52c488284a0b1dcec6813
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36d918d7f96bb0f444d2eaf695843a1fa974ff7ba2253d6452647fd9f21043e1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39A1A0B3F1162147F3484929CC683A66683DBD5321F2F817D8F89AB7C9D87E5C0A4384
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Fm$V]
                                                                                                                                                                                                                          • API String ID: 0-2730126902
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: b)u$d
                                                                                                                                                                                                                          • API String ID: 0-3453576043
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: e+nY
                                                                                                                                                                                                                          • API String ID: 0-4033732181
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(1A11171A), ref: 0043D2A4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ><+
                                                                                                                                                                                                                          • API String ID: 0-2918635699
                                                                                                                                                                                                                          • Opcode ID: bdd4370b9b5876de0897a450fd2a722ad6ce8e29d48e2a0aaa32982504d27181
                                                                                                                                                                                                                          • Instruction ID: e63a4de574d2eeec445fefeff374777208fa8b9dae5413062fcb91638cb963cf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bdd4370b9b5876de0897a450fd2a722ad6ce8e29d48e2a0aaa32982504d27181
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4C11675A047418FD725CF2AD490762FBE2BF9A310F28959EC4DA8B752C739E802CB54
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                          • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                          • Instruction ID: 844a1ef908a38e71c93ac77776bb850d4380bafa4fa1270b9c960a1c1c48c504
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76C149B2A083146BD725CE25C49076BB7E5EF88314F18992FEA9587382E73CDC4487C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ]
                                                                                                                                                                                                                          • API String ID: 0-3352871620
                                                                                                                                                                                                                          • Opcode ID: a103e2ce9a0c83b5db79841aaf80f150cda961e5b9da7c31053bd86897c26108
                                                                                                                                                                                                                          • Instruction ID: 9c1279341c628ebff05e688337e876e3aa284c19e9791594f6a4783c4201f6fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a103e2ce9a0c83b5db79841aaf80f150cda961e5b9da7c31053bd86897c26108
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0B1ABB3F1052547F3544E28DC583A27693EB95320F2F42788E48AB7C5D97FAD0A9384
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 7!^
                                                                                                                                                                                                                          • API String ID: 0-171416435
                                                                                                                                                                                                                          • Opcode ID: c5306f79733e1cad7960f58f4e4e5b09fd021ae74293fa29d98a536a2be772e6
                                                                                                                                                                                                                          • Instruction ID: 4c75803d995528e382a95e8be1083f86c78004b77a4a6b918a075f2fb17c4931
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5306f79733e1cad7960f58f4e4e5b09fd021ae74293fa29d98a536a2be772e6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EA1DEB3F1022647F3544D28DC583A27693EB95324F2F82798E886B7C5D97E9D0A93C4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: &\)}
                                                                                                                                                                                                                          • API String ID: 0-2873715264
                                                                                                                                                                                                                          • Opcode ID: 695683a82c092620184e2081d25ad1303c2e6475f855a9b4ad30ffafae796397
                                                                                                                                                                                                                          • Instruction ID: f457378714d9316b0151bcfcf853555c8b3120cd9a89963644ec0d2afadc8108
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 695683a82c092620184e2081d25ad1303c2e6475f855a9b4ad30ffafae796397
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9919BF3F206244BF3444939DD583662A83ABD5314F2F827C8F996BBC9D87E5D0A5284
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: n
                                                                                                                                                                                                                          • API String ID: 0-2013832146
                                                                                                                                                                                                                          • Opcode ID: 5e5f14fdbea7f9910c881b90d8b4e5bad8c0aa34aeec1761593766a6f25909eb
                                                                                                                                                                                                                          • Instruction ID: dab60a1cda73bf17ce40170af1034aba5c5b8103ce477379346e237e91ba3acd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e5f14fdbea7f9910c881b90d8b4e5bad8c0aa34aeec1761593766a6f25909eb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE9158F7F516254BF3440938DD993626583E7E5324F2F82388F98AB7C9D87E9D0A4284
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                          • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                          • Opcode ID: f4a9daf269fbf37a38e6f6e56b37d8b9ceb13f48118dca14cdfe87f041936a74
                                                                                                                                                                                                                          • Instruction ID: 6ce79637f14192d0797c355571da59d677925011cca99f9d561353664d1cdd31
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4a9daf269fbf37a38e6f6e56b37d8b9ceb13f48118dca14cdfe87f041936a74
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C712BF16083005BD7289A29DC9377B76A1EF99318F18953EE5C687392E23CDC05875A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: SM_&
                                                                                                                                                                                                                          • API String ID: 0-1871750565
                                                                                                                                                                                                                          • Opcode ID: d7c8917856be85f55bdcff19398797f0298a887132090886e80a0d11a5b43841
                                                                                                                                                                                                                          • Instruction ID: 722d3f87a9dfef90cfb23e62342196632f2c2ac74180d6b7dc6d34dd14e5df44
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7c8917856be85f55bdcff19398797f0298a887132090886e80a0d11a5b43841
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC917DB3F5162547F3580928CDA83A67683EB91310F2F427D8E4DAB7C5DC7E9D0A5288
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: x|*H
                                                                                                                                                                                                                          • API String ID: 0-3309880273
                                                                                                                                                                                                                          • Opcode ID: 2afdc4e5b02f186813583a9f63117f3226b0e9b7a2d9271b5ae3affb932414cf
                                                                                                                                                                                                                          • Instruction ID: 5e8c712dea067396e70a76b323fba77658be6ced26d76392e8882e67836b1ad1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2afdc4e5b02f186813583a9f63117f3226b0e9b7a2d9271b5ae3affb932414cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 497106706047818FD729CF39C4E0723BBD2AF5A305F28D4AED4D79B796D63998068B14
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: o
                                                                                                                                                                                                                          • API String ID: 0-252678980
                                                                                                                                                                                                                          • Opcode ID: badbdd784ac7317555b02f6e3174ff7e141547b5fd97aaeda9c456414da7ca37
                                                                                                                                                                                                                          • Instruction ID: 457ff97f38cf2f233b9aeefc241fbe7cd8e630b795cac8a01078653378562310
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: badbdd784ac7317555b02f6e3174ff7e141547b5fd97aaeda9c456414da7ca37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF81AFB3F216254BF3404D29DC483926283ABD5321F2F82798E5CAB7C5D97EAD0A5384
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                          • API String ID: 0-3116432788
                                                                                                                                                                                                                          • Opcode ID: 0d222ff2e37973070fb547c459284b2eb02db8567553632ccf7adbfbbdba4413
                                                                                                                                                                                                                          • Instruction ID: c25c2a648b7fa45c270cd515b6ce643aa0020183830e8c5744d40f042c757a6b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d222ff2e37973070fb547c459284b2eb02db8567553632ccf7adbfbbdba4413
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC5135B0A003108FC724CF14D8D06B7B7E1EB5A705B58892EC5E783762C235F896CB49
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: N&
                                                                                                                                                                                                                          • API String ID: 0-3274356042
                                                                                                                                                                                                                          • Opcode ID: 9e15f4b59ce5f84a3252b69299b314cb4b0f20f2b0b8cfcdf4a26866b0835f45
                                                                                                                                                                                                                          • Instruction ID: d31cea6fbede3ceab0162a176e5db191b6567ec2597d0cf1e70a6e911b8f2ed0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e15f4b59ce5f84a3252b69299b314cb4b0f20f2b0b8cfcdf4a26866b0835f45
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F051F725614B804BDB29CB3A88513B7BBD3ABDB310F58969DC4D7D7786CA3CE4068B14
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: \
                                                                                                                                                                                                                          • API String ID: 0-2967466578
                                                                                                                                                                                                                          • Opcode ID: d1c9836eb4132b96e087f5d6dbbdb18ddb202c7159a11089386ac557692576a1
                                                                                                                                                                                                                          • Instruction ID: 255ae1794171a1edaf772a2522586b25f9dbcb2a074cfc2e6437f9245d6180e7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1c9836eb4132b96e087f5d6dbbdb18ddb202c7159a11089386ac557692576a1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E718BF7F116244BF3544D28DC883627292EBA5325F2F82788F986B7C5E97E5C065384
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: g
                                                                                                                                                                                                                          • API String ID: 0-30677878
                                                                                                                                                                                                                          • Opcode ID: 678efd76d4eb0271cf74d5b2512fec75a2a8498e88494ae803b095c5fb752801
                                                                                                                                                                                                                          • Instruction ID: 1c5d60e5667191e79296b18e1cc0db5a77ba61e24213a8d487fc1cfe53feac4a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 678efd76d4eb0271cf74d5b2512fec75a2a8498e88494ae803b095c5fb752801
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85715BF3F116244BF3584928CCA83A27642EB95315F2F827C8E9DAB7C5D93E5D095384
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: N&
                                                                                                                                                                                                                          • API String ID: 0-3274356042
                                                                                                                                                                                                                          • Opcode ID: 6c05087790564287f88a60f5075c2f71b78072308f32bb11d40b9a486c4dcb93
                                                                                                                                                                                                                          • Instruction ID: 5c0fe2d5becb6480323e98ae09e0f4dff919476d371dad97472a6af194cc2264
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c05087790564287f88a60f5075c2f71b78072308f32bb11d40b9a486c4dcb93
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9510825614B804ADB29CB3A88513B37BD3AF9B310F5C969DC4D7DBB86CA3CD4028B15
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                                                                                          • Opcode ID: b68ff8570e941695a3216e42384a1fa447eff01eefdf2d0a39f391d2f06d80e6
                                                                                                                                                                                                                          • Instruction ID: 70e94587ef0c100f1764553d7a9c2e660b9bcab40731fc36778daf9577a38225
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b68ff8570e941695a3216e42384a1fa447eff01eefdf2d0a39f391d2f06d80e6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6861073261C7A08BC7109B3988512DFBBD19BD6324F294B3ED9E5D73D2E2388946C746
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: l
                                                                                                                                                                                                                          • API String ID: 0-2517025534
                                                                                                                                                                                                                          • Opcode ID: 9f09650b9a4a99965778f01c8f08e554ecc41d4388fc0291faf9a69a31b3ef24
                                                                                                                                                                                                                          • Instruction ID: f19b9af3c38fe86713193752d25efd86f79d72dc9aff39a6ba7911d94eeeb672
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f09650b9a4a99965778f01c8f08e554ecc41d4388fc0291faf9a69a31b3ef24
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D61AFB3F1152547F3944928CC593A23293DBE1315F2F82788E8CAB7C9D87EAD0A5384
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 9Yxo
                                                                                                                                                                                                                          • API String ID: 0-4125225535
                                                                                                                                                                                                                          • Opcode ID: 779a7f79b810ddda1c9d53d89e7049ab12ca251f84e31101660736944e013aa5
                                                                                                                                                                                                                          • Instruction ID: 4c0a06391087ee5d5cec526a9e6b680f2eccb7a18a62e71deaaf46fbe5e9a6c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 779a7f79b810ddda1c9d53d89e7049ab12ca251f84e31101660736944e013aa5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4512AF3F196144BE3006A2DEC8476AB6CBDBD4730F2E86399A84D7BC4EDB958064185
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                                          • Opcode ID: 93d16d0aa6b359081a42f87295ac78d27a2fd3da063535e0e62926b583af9e17
                                                                                                                                                                                                                          • Instruction ID: 46baa48659f4b2fd47ca5ec25f91cb2d81a571157908c65e4543304d853e2449
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93d16d0aa6b359081a42f87295ac78d27a2fd3da063535e0e62926b583af9e17
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B84112B19043109BD7148F24CC56B7BBBA1FFD5355F088A2DE9855B3A1E3399808C78A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: AB@|
                                                                                                                                                                                                                          • API String ID: 0-3627600888
                                                                                                                                                                                                                          • Opcode ID: 5f04c6e6c62f3b631ed8b999b00c53f9e29ae710d00fe5e173854cc96c07ee94
                                                                                                                                                                                                                          • Instruction ID: db3a3e64c867de1b2acc03309bf58ca92016fdb6376ebc62b8c88b868df4a701
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f04c6e6c62f3b631ed8b999b00c53f9e29ae710d00fe5e173854cc96c07ee94
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F4113B15047928FD7228F39C850763BBE2BF97310F18A699C0D29B396C738E855CB54
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                          • API String ID: 0-3116432788
                                                                                                                                                                                                                          • Opcode ID: 2287672962537e27a63852bf25e22d17e30ebd49cfadd2e43f1c63fbe33e04ad
                                                                                                                                                                                                                          • Instruction ID: 99754b42763b58843259cf3ad92e7e7b5943dbfd532ac3c404429f446a5844ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2287672962537e27a63852bf25e22d17e30ebd49cfadd2e43f1c63fbe33e04ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D21AD755093009BDB2D8B34C891A3BF793BBC9315F28262EE193527A6DB39D811464D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                          • Opcode ID: 1e78879b6168551fc074a28df97c5dc9b728f3d639b33805e3ed82eb265b0a11
                                                                                                                                                                                                                          • Instruction ID: 63a6298d4bba2674d86cc96746b0f052e5947ca3037f4c06b08106c34af0982a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e78879b6168551fc074a28df97c5dc9b728f3d639b33805e3ed82eb265b0a11
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF31F1755083048BC314DF58D8D166FBBE4EB85314F14892DEA9983391D339D848CB5A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Instruction ID: 15ce44404cf9901b3dfafeced90f377ae920eda081e9b7947885f34083441114
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d98a86836c953dc1637677e5aac5daa6c0c6ad20131617536c0a1757b7e60907
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF1BEF3E156244BF3045A29DC483A6B6D6EBD4720F2B853C8B98977C4E97E9C0683C5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1dc7b97f19092567dfd188de3f2ecc57e4f0b3cae2e4e88a3ee55b76f79f5b76
                                                                                                                                                                                                                          • Instruction ID: 1d5b89ec28a2c38cbf4d50645c21d91206fc57c6fe232afed0d089d9424232f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dc7b97f19092567dfd188de3f2ecc57e4f0b3cae2e4e88a3ee55b76f79f5b76
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33F1AEF7F012244BF3544939DC983667687ABD4324F2F82398B98A77C9EC7E5D0A4284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cb93278ba68228015fbf1d0d51acaa231e3eb8212d8bc7986935f02ee7848d4f
                                                                                                                                                                                                                          • Instruction ID: 6b490278961bbd4ea05205bb97b2be04265e39c0457193a7cb442b67f97b94bf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb93278ba68228015fbf1d0d51acaa231e3eb8212d8bc7986935f02ee7848d4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80D1243612831ADBDB148F38E852267B3E1FF48742F4A997DC481872A1F739C960C759
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 44b8fe500e4ae1a85f417c41d5f101f8f31c1a35f004ec40b19d222a923266c7
                                                                                                                                                                                                                          • Instruction ID: f52f0779a9da93b181fb906800ef9e25631ad1d7afee9eb778fb491240db8fe2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44b8fe500e4ae1a85f417c41d5f101f8f31c1a35f004ec40b19d222a923266c7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09E1E2B3E142248BF3405E29DC84366BB92EBD5720F2B823DDE985B7C4D93E5C098785
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: df8193d5d36a176d527109d9b94c0c047cd55c32c65125c29a6d3df882c45d72
                                                                                                                                                                                                                          • Instruction ID: 0b80d55223e827d2624abfafeefe46b08ed08f89a71ab192fd5fb602671640bd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df8193d5d36a176d527109d9b94c0c047cd55c32c65125c29a6d3df882c45d72
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AE1EEF3E046148BF3445E29DC89366B692EBD4310F2B853DDE88A77C1E97E5D098385
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d706f2221eb1e8730f3ed60b769886c2fb0cbc32fb0399cf761ae27dba67da5f
                                                                                                                                                                                                                          • Instruction ID: 735c5f4010cbe09e16cbcefa46184ff50061aad8b81667258e30f977428d6007
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d706f2221eb1e8730f3ed60b769886c2fb0cbc32fb0399cf761ae27dba67da5f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0ED15AF3E6192446F7640478CC993A2598787B6324F2F4279CE6C6B7C2DDBE5C4A42C8
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b46b643b086629af921cf5ebaeb0e5fb7c553e477633878541bdbe61d3a3a6b6
                                                                                                                                                                                                                          • Instruction ID: 801b2c706fbd550290d9c59cb33e2f3d7e343b1e6ff3f01a568d54297840cb23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b46b643b086629af921cf5ebaeb0e5fb7c553e477633878541bdbe61d3a3a6b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0D1DEF3F056244BF3448E29DC94366B6D2EB95320F2B823D9A88977C4E93D5C0A8385
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4c9630a35955eb7ac9f60e0de0bb94586a525f9063eed642fe2e2e6fff163406
                                                                                                                                                                                                                          • Instruction ID: 7346a024b11de77a68b42407a0fafb088ee4a4a962527e41e5685de4e67def59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c9630a35955eb7ac9f60e0de0bb94586a525f9063eed642fe2e2e6fff163406
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CED18BF7F216254BF3544839CD583A125839BE5324F2F82788E5C6BBC9DC7E5D0A5284
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 72e776ba805bc6654e6fc03dc213fa66940c32ee784ba683c84670881261aea6
                                                                                                                                                                                                                          • Instruction ID: 1e37848112ad2fbd6a20d4e4a8513b072819fefc0fb12cae6d68b67bb662a63a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72e776ba805bc6654e6fc03dc213fa66940c32ee784ba683c84670881261aea6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAD19CF7F5162547F3484838DDA836266839BA0325F2F82788E9CAB7C5EC7E5D094384
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: de91897d36bbeedaffcc27b22c56737b16a5aab340586247c9e5c53484fc07c3
                                                                                                                                                                                                                          • Instruction ID: 7cebfdb2a281c81b12ff273fac15260b4739c9a6e6f5684cfe93b75574e9d067
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de91897d36bbeedaffcc27b22c56737b16a5aab340586247c9e5c53484fc07c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5C1CFB3F5022547F3440939DD983A23683EBD5320F2F82798A595B7C5DD7E5D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ecf56eb86f47cce4a8c762519bbfd4af0dc5ee798d721518d2118f557f9bb5aa
                                                                                                                                                                                                                          • Instruction ID: d053c0fea336acd4a4b037743080c9d3538115813f0aca0c74bba42161540238
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecf56eb86f47cce4a8c762519bbfd4af0dc5ee798d721518d2118f557f9bb5aa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAC19CB3F516254BF3444D29DC943A27683EBD4324F2F82788A8C9B7C5E97E9C0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9b2863c70e828d5efcb94ef44d93b130517aef4fad533ba1e93f10ab7fbdaf9f
                                                                                                                                                                                                                          • Instruction ID: b7cf08e96f2015747cedea78418a00e12726f5a242066b26297c2f66a1c5f4f7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b2863c70e828d5efcb94ef44d93b130517aef4fad533ba1e93f10ab7fbdaf9f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9C1DEB7F112154BF3444D68DD983A26683DBE5314F2F82788F48AB7C9E87E9C0A5380
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 211ef91e3f5c019e98fb41f33933c35f91be8643338eda588a12b4dce8278374
                                                                                                                                                                                                                          • Instruction ID: 52b844e424f6ff33962cc9dbe8849a718af9f7516f5c160ea897de8aa996d67b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 211ef91e3f5c019e98fb41f33933c35f91be8643338eda588a12b4dce8278374
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5C18BF3F2162547F3544878DD993A26583D7A4325F2F82788F58AB7C6D8BE8D0A4284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 029e60c9cadb73d4529944b4eda55e311c45426f7334b6f79de187f0f8960658
                                                                                                                                                                                                                          • Instruction ID: 01d654c60a014945628d21a07b5cf32a3bb147cd3c314c1c885aa62e2b464343
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 029e60c9cadb73d4529944b4eda55e311c45426f7334b6f79de187f0f8960658
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90B1ACF3F1162547F3844869DC983A266839BD5324F2F82798F4C6B7CAD87E5D0A5388
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 00beed65663865d58c8abb540f4168fcf0f63df686a2b07d927c39b51ea58de0
                                                                                                                                                                                                                          • Instruction ID: c0b1737f179d1a13d5330beec8154be285d4c44a7da27b4c50659467645e270e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00beed65663865d58c8abb540f4168fcf0f63df686a2b07d927c39b51ea58de0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33B1A9B3F1121547F3484D38CC683A26683EBE5324F3F827D8A5A5B3C9DC3E680A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c2c551df7123c958f3dce20c50196c198f83a22cc9f284c8ae09cf7f3f561ba1
                                                                                                                                                                                                                          • Instruction ID: efd40ce4d7a5da38a2eefd5bd9d7a00bc92e4a84e97b549ba87aa441ac313f16
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2c551df7123c958f3dce20c50196c198f83a22cc9f284c8ae09cf7f3f561ba1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FB148F3F215254BF3584839CC683A265839BE5324F3F42788E5DAB7C5E87E9D0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b990fb5856b5bbed8b0a130ebd457b918a0b2995380324508a78abd1cf4ba0bd
                                                                                                                                                                                                                          • Instruction ID: badd1945514da4dca6a662d15a1cb6b72ea40d8c70b7ef23f3b0d4fcd9ff9712
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b990fb5856b5bbed8b0a130ebd457b918a0b2995380324508a78abd1cf4ba0bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6B1BEB3F1162547F3544878DC983A26683DBD5324F2F82788F58ABBC9D87E5D0A52C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2dcf2e66ed3ac4e2be54930f08fb24fc1728de2e802e6da240bbeec4e8de87a5
                                                                                                                                                                                                                          • Instruction ID: ffaaf49e879c8f1935c5ec8c2482e47290c45ddd164c446f2e9a417a7ceacffe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2dcf2e66ed3ac4e2be54930f08fb24fc1728de2e802e6da240bbeec4e8de87a5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B1ACF3F6162547F3944824DC993A22183D7E1325F2F82788F996BBCAD87E9C065384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ce1c0a1d8609ae1dc2a45526afafbc32968bc841a1c2bef140adf66b6a1b16c1
                                                                                                                                                                                                                          • Instruction ID: deb538e7de0351c725b8a4c146ab621497407ddd0a947b22efa3c02727646028
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce1c0a1d8609ae1dc2a45526afafbc32968bc841a1c2bef140adf66b6a1b16c1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40B18CB3F2162547F3884938CC983626283DBD5311F2F82788E5DAB7C9D97E9D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 798fe718accfd8ff071909e0da98c4d9dca973fb442c1ad407e83c0f332ec55a
                                                                                                                                                                                                                          • Instruction ID: 92048f34e2d721ea1e28078c8dd8258497ad556bcb36d3ef83bb1488db0f1c42
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 798fe718accfd8ff071909e0da98c4d9dca973fb442c1ad407e83c0f332ec55a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15B189F3F1162047F3540839DD983A26583A7E5324F2F82798E5CAB7C5DCBE8C0A4284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c38046b66c425fc1d97ecc9283aee614cdb9ad8217d0de33bbab669b383b6b89
                                                                                                                                                                                                                          • Instruction ID: 93a01cda1ab19fb952153c1aee597c3c40e7e499bf73695c5d3cadfe2feec68c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c38046b66c425fc1d97ecc9283aee614cdb9ad8217d0de33bbab669b383b6b89
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1B1AEB3F111254BF3444838CD683666683E7D5320F2F82798E99ABBC9DC7E9D0A4384
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f1430c86f9c214563cad9d9fc28e1bf745139bc759b1286df8a2e4ee6a19498a
                                                                                                                                                                                                                          • Instruction ID: e74c3d4118d9fc694240a6c029fb9e250026b32ed469719526f4f71e5e9ff0bb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1430c86f9c214563cad9d9fc28e1bf745139bc759b1286df8a2e4ee6a19498a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BB159F3F2152147F3444928CC583A26683A7E5321F3F82798BA9A77C5ED7E9D065284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b741daa1787159d9648c0e8f9b6f3127817d63e3b9e323797c02570058ebb8d3
                                                                                                                                                                                                                          • Instruction ID: f802b723eeaa074d0523f46ceb023f5665cb5433c8f28531dc7398e521a3ac0c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b741daa1787159d9648c0e8f9b6f3127817d63e3b9e323797c02570058ebb8d3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5B19AF3F1162447F3544939DC583A26683ABE5325F2F82788E9C6B7C5ED3E5C0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cbbb96a4378f42f93641cb288a620576925ed2874a028aed8c6f7dcb40fb8830
                                                                                                                                                                                                                          • Instruction ID: bbeb633e01759069893a56b049dcf80d104935adc24602bcf7301bbcef48b4d6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbbb96a4378f42f93641cb288a620576925ed2874a028aed8c6f7dcb40fb8830
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03B159F3F6162547F3484874DD983A26183D7A5321F2F82398F5D6B7C6E87E5C0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f2ad547d1885935976794a3df3c97fc79cadeaa440a25531cea0942649f3931d
                                                                                                                                                                                                                          • Instruction ID: 26277dbc672e13d2c2684d43d00383c55a312a61f5ea3d784ca2f07282062e60
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2ad547d1885935976794a3df3c97fc79cadeaa440a25531cea0942649f3931d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDB1BCB3F5162447F3544839DC983A261839BE5320F2F82788F9DAB7C6E87E5D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0088bcdc51d889a2bdec9fd9ebedcbfdc6dc821d182f14dc1810a12d27194415
                                                                                                                                                                                                                          • Instruction ID: b79a3c985ad4988f8be45eb92d8c61d67bd578d381eaea4d8403b4076fe9d41a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0088bcdc51d889a2bdec9fd9ebedcbfdc6dc821d182f14dc1810a12d27194415
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBA180F3F1122547F3544929CC983A26683EBD5324F2F82788E9C6BBC5D97E5D0A9284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 444b570dc6fd2bd19ce77a7c23de9e79e6faad1978549eca23e8ea07a916c19d
                                                                                                                                                                                                                          • Instruction ID: a5dc929e0f60ff9f238772062a8b62dc81bf627273d21b16963e411225703b26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 444b570dc6fd2bd19ce77a7c23de9e79e6faad1978549eca23e8ea07a916c19d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24A18BF7F1072547F3544978DD883526A82EB95314F2F82388E9CAB7CAD87E9D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 51a4bc5226dc0194fa3f692824dcca94c704566534028bc028412da5e46b39ad
                                                                                                                                                                                                                          • Instruction ID: b1ec8b73679f308bf63693f8aec4486b170a0c1460115da93bcc91b521b59fc4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51a4bc5226dc0194fa3f692824dcca94c704566534028bc028412da5e46b39ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CA19CB3F1122587F3440E28CC683A27653EB95314F2F81798E59AB7C5D97EAD0A93C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 965664559d7c001a9593e0caeebca5d327e04aba48234d3a2a052aba6e705e06
                                                                                                                                                                                                                          • Instruction ID: 136fbdfd8efc58537516a0fe722e2626ef81ac8b8e6e449f9d2f6b68adfd691d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 965664559d7c001a9593e0caeebca5d327e04aba48234d3a2a052aba6e705e06
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5A1BCB3F206254BF3540D38DC583A26643DBE1324F2F82798E59ABBC9D87E5D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7485a88bcbd07f9251b4172a2801e2750fd8c8c6729df2386d157e8309d31712
                                                                                                                                                                                                                          • Instruction ID: 29b0a3f709dae6fdfe9ad1f025461ef01db4b37ef3fcc47c56ed67e349cc4007
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7485a88bcbd07f9251b4172a2801e2750fd8c8c6729df2386d157e8309d31712
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BA18EB3F116244BF3504979CC583927683EBD5324F2F82388E98ABBC5D97E9D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9f30eb57b86b8e7e5b065d1a78dc3c770bc7015d1a5e0c5ee4209dfd0814b79f
                                                                                                                                                                                                                          • Instruction ID: a7492027bb6adaea042bd9acd06bb53816661633b34e027339e47647a267517e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f30eb57b86b8e7e5b065d1a78dc3c770bc7015d1a5e0c5ee4209dfd0814b79f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECA18CF3F2162447F3544928CC983A26683EBD9325F2F82798E5CAB7C5D87E5D0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d5b3dc1c32a49df7b4ae9cf446fbd12bafbd2b3bb036c4e0bb8003e162af978a
                                                                                                                                                                                                                          • Instruction ID: bc5e8c6a3a1dc349148bc8a93185fb6f97bdc28ea3b9711bfea353df5a5afd11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5b3dc1c32a49df7b4ae9cf446fbd12bafbd2b3bb036c4e0bb8003e162af978a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0A18AF3F2162547F3440938DCA83A16683DBA5325F2F42788F6C6B7C6E97E9D095284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 218591fcab8d3686899dd459e996013fcf56a397da8419245a3d0a7ebfca39db
                                                                                                                                                                                                                          • Instruction ID: 99ffa98e0c8f17194d3f57a170f128b6f6965179d2f99d53e28f6be8884284e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 218591fcab8d3686899dd459e996013fcf56a397da8419245a3d0a7ebfca39db
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CA1BCB3F112254BF3544D39CD993622683EBD5310F2F82788E599B7C9DC7EAD0A9284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c6a78a19b40fb03d1f0ef73e6affe514b0be28351f571f49fe59702817e621c0
                                                                                                                                                                                                                          • Instruction ID: 6e2d57dfb4ca377f92ef719892493264836daab1cab0b2f32161c4263f84337e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6a78a19b40fb03d1f0ef73e6affe514b0be28351f571f49fe59702817e621c0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28A1C0B3F1162147F3544934DC943A26283EBE5325F2F82788E48AB7C9E97E9D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b6306bb8d2722dc38e79ffe0a74b1dc8a68a05036f5683495f0f0d77882557ee
                                                                                                                                                                                                                          • Instruction ID: 322bae0e4852f69e4093dcc9154ad871a705c9bf72661fb79fd4a8256dad5b40
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6306bb8d2722dc38e79ffe0a74b1dc8a68a05036f5683495f0f0d77882557ee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6EA159F3F1152147F3144D29DC983626683EBE5325F2F82788E9C6B7C9D93EAD069284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c43ef1b3cd090b4f8f6c4ce9023043c7562048adf52a1bd82b613d7a5cef0e11
                                                                                                                                                                                                                          • Instruction ID: 8e12c28bdfc48a29623994e7fb4c862b78a1ba2450d81e611f1221447d41c0a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c43ef1b3cd090b4f8f6c4ce9023043c7562048adf52a1bd82b613d7a5cef0e11
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBA17CB3F1122587F3444E29DC543927693EBD5320F2F82798EA86B3C4E97E5D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0e97aebaa8f0a8cf45c923ba2aeba2bcb038894d21cedb8a832bebefedda4da2
                                                                                                                                                                                                                          • Instruction ID: 6a383762f71df381420e8dc130886b4a9a43e997a3a4ae64b7624a65fbc8d188
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e97aebaa8f0a8cf45c923ba2aeba2bcb038894d21cedb8a832bebefedda4da2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88A1AEB3F1162547F3444D29CC843A27683EBD5325F2F82788E9CAB7C9D87E9D0A4284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b66f80ad3d2c7c8d6d37d8006798dae022b9c492d36b0106337113ef2ad2434d
                                                                                                                                                                                                                          • Instruction ID: 85ac0d4e8f13317ffb6d658e05368835ce223c40b90bad8cb35e999398087fe1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b66f80ad3d2c7c8d6d37d8006798dae022b9c492d36b0106337113ef2ad2434d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EA189B3F2162147F3584828DC583A26683ABD5324F2F82798F5DAB7C5D87E9D0A53C4
                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8447883a092005696f8cb3bc651b09e08a2aec26bc673dadc37d1e345edb70ea
                                                                                                                                                                                                                          • Instruction ID: d108138e9eb766774d5266418374f8c2fe713adce773c1bc985a8083971f8b43
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8447883a092005696f8cb3bc651b09e08a2aec26bc673dadc37d1e345edb70ea
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81A1ADE3F116114BF3444D28DC593627283EBE5315F3F81798A499B7C9E93EAD0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4fba2371384f6ddc6cf7070a21a38f76772a9add4e0eb5d0712bb5ec12223ac5
                                                                                                                                                                                                                          • Instruction ID: d04c35893ee8558b7dfb86f12a4f7d20363f735ecad3d4fa026ed2bec4316e0a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fba2371384f6ddc6cf7070a21a38f76772a9add4e0eb5d0712bb5ec12223ac5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DA18AB3F111254BF3944A28DC493A17643EBD5310F2F827A8E5C6B7C1D97EAD0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 74f776f8de33c851ad9a283dfada938ec19c9b3599fea8d5f51c384139e23781
                                                                                                                                                                                                                          • Instruction ID: 5b9623db89e3f0bd8a568311a63e8cd6032f4a26bfb2ff6622736737eefcb0cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74f776f8de33c851ad9a283dfada938ec19c9b3599fea8d5f51c384139e23781
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD91BBF3F5162447F3580938CCA83A2268397E5320F2F42798F5DAB7C5D87E9D0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 15c646e11f1c92457dc6a6f1b854e8b72182ce57dfdfc55d89a31894ffa76850
                                                                                                                                                                                                                          • Instruction ID: db0776491675028390c42c7f04b8d773beabf1181bb9c93f2f831cbaada75b1f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15c646e11f1c92457dc6a6f1b854e8b72182ce57dfdfc55d89a31894ffa76850
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0919AB3F116254BF3944D69DC983626283EBD5314F2F82388E98AB7C5D97E9C0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2770a97d15697cfcbc2e982d95f880aabe77345fca3420e9d1dc4f3363aec835
                                                                                                                                                                                                                          • Instruction ID: c8a85639160c44349be40ee4eee24dcca1d452851605e5807d5e2e1ec75374df
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2770a97d15697cfcbc2e982d95f880aabe77345fca3420e9d1dc4f3363aec835
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B91CDB3F1162547F3584939DC583627683ABE5320F2F82798E5DAB7C5E87E5C0A8384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9d89fbd952c7434a055ee82323367de4d32125f1db7d6f4f5dbaca7b19d791b4
                                                                                                                                                                                                                          • Instruction ID: 63d0481b961087e00c7276a2da32dc0839da0d908a82bbf8d091fc7660ed9482
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d89fbd952c7434a055ee82323367de4d32125f1db7d6f4f5dbaca7b19d791b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04917AB7F5122147F3544928DC983626283EBD5315F2F82798F8C2B7C4D9BE6D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0675bc8f46adc8681214f5dbebcb8d3f3dd9fed60ffaa41f53d687034d8d86e7
                                                                                                                                                                                                                          • Instruction ID: 246c7bb06cb0ec919cb0771fdefafa88d522eca430ae481d71f703c0e75d2021
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0675bc8f46adc8681214f5dbebcb8d3f3dd9fed60ffaa41f53d687034d8d86e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A29188B3F1122587F3044D39CCA83627693DB96320F2F82798E596B7C8C93E6D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d699c757d742ffa398274afadd3b1aae822d004dd8739e838834399ef93fc043
                                                                                                                                                                                                                          • Instruction ID: efe38fc37ae198003517ab48c4acd2f71b8ff5a335b7cdf1bb413ca8306ea77f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d699c757d742ffa398274afadd3b1aae822d004dd8739e838834399ef93fc043
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 529168B3F1162547F7584838CD983626683ABD5310F2F82788F4D6BBC9D87E9E0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6929470a496303ad46fcf133df21ea0c6df8c36d526f94809d05f2382182871f
                                                                                                                                                                                                                          • Instruction ID: c8bbd3bbeedc3ffa75980e8884689547d85cb4e49e3a15f5e64ade788f6a8b0f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6929470a496303ad46fcf133df21ea0c6df8c36d526f94809d05f2382182871f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8191DEB3F1122547F3544D28CC943A1B293EBD5311F2F82798A986B7C9D93E2D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d3e73c8f058151b0a51f4ac6fb62a352503b5b67642d78f05fc31181e3adc66e
                                                                                                                                                                                                                          • Instruction ID: 6de44c0454ca12fdd990fdd7ff22112f8baa7817bf875ee8d1947275ac9bbcc6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3e73c8f058151b0a51f4ac6fb62a352503b5b67642d78f05fc31181e3adc66e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15916DB3F5112447F3484838CCA83A26693D795314F2F427D8E49AB7D9DC7E5D0A9284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d34fd0e7aead775ac03f14ddda4b83fe3eff7a6d95f30fb6301893e7642f1e0b
                                                                                                                                                                                                                          • Instruction ID: 5bdd155f11486b38eac01ea41296507105ac83d43389c8e7322899e63c90fe83
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d34fd0e7aead775ac03f14ddda4b83fe3eff7a6d95f30fb6301893e7642f1e0b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D918AB3F1162447F3844838DCA83626683EBA5324F2F82798F996B7C5DC7E5D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7efe823d0b0b3761f20852996d69c46e5c79a86de36bbf1c7f0ce5d87e96ec94
                                                                                                                                                                                                                          • Instruction ID: 793ba22b594a602865e2f54526b0573e24c1a81d0fef23e2a291a435a116faa7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7efe823d0b0b3761f20852996d69c46e5c79a86de36bbf1c7f0ce5d87e96ec94
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6917DB3F1023547F7544939CD983626693AB91324F2F82788E9C7BBC9D87E5D0A92C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5e7d723bc591c82f589754616ed2f6939b3d40a39b8ba6ba8521a56e89f4c852
                                                                                                                                                                                                                          • Instruction ID: 399a297e0ec11952a0be847d99e47e31632e0a85413bbf53c353c09f626c931f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e7d723bc591c82f589754616ed2f6939b3d40a39b8ba6ba8521a56e89f4c852
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7919AB3F2162547F3844938CC583A26683ABD5311F2F82798E5DAB7C9E87E5D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • Opcode ID: 26f4f0f56aec59668f6f7d7667ef4a1235375387e8c9cee4a5b6e8a3e79bb22f
                                                                                                                                                                                                                          • Instruction ID: c3d5abfb84a3ced9bd24ff1d0aec85e26e19782f6936d917d379c1ce17e7e989
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26f4f0f56aec59668f6f7d7667ef4a1235375387e8c9cee4a5b6e8a3e79bb22f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9918CB3F115244BF3540D28CC683A27293EB96321F2F827D8E596B7C5D93E5D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • Opcode ID: 02d3e156519547a052551324835941622fcbb58f0df003efd3ac90341ed74f94
                                                                                                                                                                                                                          • Instruction ID: a8521e6f5c4b8f3fecf72ebdeeea728e95456400ac900f3e2da73ccc550c485e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02d3e156519547a052551324835941622fcbb58f0df003efd3ac90341ed74f94
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8916EF3F1162547F3584D78CC583A26683DBA5324F2F82788F48AB7C5D87E9C0A9284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • Opcode ID: b39d094e4346a1121ba7ecad8a7144e0f6f09955f33cbede903b94461c05b8cc
                                                                                                                                                                                                                          • Instruction ID: cb5b629e89ce60bca6e8657dbfedf78af2bc5d6b53e9134e6f2fbb192e8b7735
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b39d094e4346a1121ba7ecad8a7144e0f6f09955f33cbede903b94461c05b8cc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04916AF3F116244BF3444929DCA83A22253EBE5320F2F42788A9D6B7C5D93E5D0A9284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • Opcode ID: 2d79642ae3948854e79b8b992c2db374cdc29baa0787e89a1670a3960088723b
                                                                                                                                                                                                                          • Instruction ID: 9c5b6a38b04a68289ac77c10449371788072f0cd816428451c5a22105cde69c7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d79642ae3948854e79b8b992c2db374cdc29baa0787e89a1670a3960088723b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC91AFB3F001254BF3544D29CC583A27693EBE5320F2F82788A5CAB7D5D93E9D4A9784
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                          • Instruction ID: 31bd09e71141362f04eac73b58bbdffd25f62549a243a7af6738423ec358773f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAB16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ecb4a4d0d6e630dc021b9171fee0bbd9f0efb0301506283f230a6203921c48b9
                                                                                                                                                                                                                          • Instruction ID: 7c1215284e83138077262f35290296434ebc7a1423a45f23ba290aac0c30fa85
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecb4a4d0d6e630dc021b9171fee0bbd9f0efb0301506283f230a6203921c48b9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2817AB3F102244BF3544D69CC983A27692EB95321F2F82798E99AB7C5EC7E5C0953C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 3b15254319cf19bb10d09d6c04294b9031e7c650c04541e7dd3f248ab154dc94
                                                                                                                                                                                                                          • Instruction ID: 3d91aa87d10d473e59842ee2fd38413bd89e75bf7cb444383a27d20b7aaf3b3c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b15254319cf19bb10d09d6c04294b9031e7c650c04541e7dd3f248ab154dc94
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B6126396043019BD714DF18C89063FB7A2FBC5722F19852EED858B392EB34DC65878A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 339cab8e8f76079df54cd2f7a89fcb3274fde459ea235a142331931bd7311fe2
                                                                                                                                                                                                                          • Instruction ID: e541e54726410ddd592cdf3818f8b9a1fce2cf5d48928f239992665c81cff3ba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 339cab8e8f76079df54cd2f7a89fcb3274fde459ea235a142331931bd7311fe2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE818AF7F116254BF3100D28DC983A1A683EBE4325F2F42788E9C6B7C5D97E9D0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 516d1cf83b664f04881423d58b7613b8b2c79a9f3fe6053e61028f9169f7ef70
                                                                                                                                                                                                                          • Instruction ID: 9cefe8fbf7820084e24261d8f131e7fc7c2f73611b1d590eeeeaa077f9bb1cdd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 516d1cf83b664f04881423d58b7613b8b2c79a9f3fe6053e61028f9169f7ef70
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E81AEB3F215254BF3544D28CC58361A693ABD5320F2F82798E9C6B7C9D93E6D0A93C4
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          • Instruction ID: 3fc15aa2fe2676cea4794114fd84add115d64dc16bfb9905613000d365d887d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e12638f2994188f610fc1d3f8f50f61f662cb4a71edc977420830c8cd973ef29
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A818CB3F116204BF3540938CD583626A92AB91725F2F82788E986BBC9DC7E5D0A53C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f3e469d22b49b95dfe48bf1ccaaeed04c4f53d5dab77cb1c8db8aba17f164bbb
                                                                                                                                                                                                                          • Instruction ID: a3088e849373763d658bca90febb768cbf7946f1cd14ab8dc9002b983de565c9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3e469d22b49b95dfe48bf1ccaaeed04c4f53d5dab77cb1c8db8aba17f164bbb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F818FB3E1022447F3904D28DC98362B692EB95310F2F417D8E986B7C5D97E6E0997C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 56424f7fcfdaa8994471b9aa90500daa6d7979bf9383cf48f9b5331ee4020044
                                                                                                                                                                                                                          • Instruction ID: 959b688a032d9c60158d00af520ccc72a0d8124d0fe8a42ba2cc2c420b7f8d54
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56424f7fcfdaa8994471b9aa90500daa6d7979bf9383cf48f9b5331ee4020044
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D881A2B3F116254BF3544D29DC883527683ABE5320F3F81788A9CAB7C5D93EAD0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 057defda95837941a0c3c9625fbd10a6c914692d25fdf229083c1e190a2bd401
                                                                                                                                                                                                                          • Instruction ID: 6cfcac5dc703b6370b87450d7aa02a3296e477298db1c7da7557136cbcf1d573
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 057defda95837941a0c3c9625fbd10a6c914692d25fdf229083c1e190a2bd401
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E516B75A0A3054BE758AF28D88062FB7D2ABD5310F1DC97EE4C597391E6359C018B8D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b9c56c2034c1c07ca32c82de62eea3ff1566eb86eb9345f98687af41d37fb496
                                                                                                                                                                                                                          • Instruction ID: ff235bdfcffdfe04124660b78348f54b306058035dcb4460d7d2e38f27ae1f90
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9c56c2034c1c07ca32c82de62eea3ff1566eb86eb9345f98687af41d37fb496
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7381BEB3F1122587F3544D29CC983A27693ABD5320F2F42798E8D6B7C4D97E2D0A9384
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 649c7bd34fc2cef51d14afedf2df02528c30ebd09096b00cb6fd3b41989a2cc1
                                                                                                                                                                                                                          • Instruction ID: bf8c620e1ae28889e92bbfa0c277b988aed53e8c1dcf8e7cf7bbbfaf6b538616
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 649c7bd34fc2cef51d14afedf2df02528c30ebd09096b00cb6fd3b41989a2cc1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6818BF3F102254BF3544D28DC583627693EB95321F2F41798E48AB7C6E97EAD0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3d81916e35ab852eb097bf0cb4f65739d0732ee66a1b3991679e80032bce1054
                                                                                                                                                                                                                          • Instruction ID: 4f6fa8b625513e03851bd15fdbe2231f84ba6c5b605f47c6b572e2205ab15519
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d81916e35ab852eb097bf0cb4f65739d0732ee66a1b3991679e80032bce1054
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1881CFB3F102354BF3544968DD483A17692AB95310F2F82798E4CBB7C5D97E6D0A93C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 35797010b6e47c7f197e615589e141de130727af72bdc4595738e070490b6278
                                                                                                                                                                                                                          • Instruction ID: 7858c9bf1cbb75c42edbd44b446aedcc80cd61366a805a167dfc589be806028c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35797010b6e47c7f197e615589e141de130727af72bdc4595738e070490b6278
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 948159F7F2062447F3584828CD983626582DBA5325F2F82798F5DAB7C9DC7E9D0A42C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36e995293f5badb5e5e899b8082fa7cf8a4cfeb0999abf0ca88d1ce2f725575a
                                                                                                                                                                                                                          • Instruction ID: a9320e1a7a7bc1be2b9fdd5e704a329514de0608d30efd3a9b89f7152cd59120
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36e995293f5badb5e5e899b8082fa7cf8a4cfeb0999abf0ca88d1ce2f725575a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA818CB3F116254BF3544D39CC583A12283EB95320F2F427C8E996B7C4D87E5E0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8a3f8677d92704cca3f20a2f18740329c23a3b24883922916e16b369608dad15
                                                                                                                                                                                                                          • Instruction ID: 3d7c1812b993bf66b4b5f3c32366ff8013a3554632c7af494dfcedd965440ba9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a3f8677d92704cca3f20a2f18740329c23a3b24883922916e16b369608dad15
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4681D3B3F5022547F7544D28DC983A2B682EBA5320F2F41788F496B7C5D97E6D0A93C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ec16b1096944c691c7ab8db49178cc224f556eb6a1e0845ba661412aef76c265
                                                                                                                                                                                                                          • Instruction ID: 4714e96b3cc23db282b33695eded6507b89773f9b0a1bb3cc8aa9f4d83343829
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec16b1096944c691c7ab8db49178cc224f556eb6a1e0845ba661412aef76c265
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B8179F3F102144BF3484D78DDA83626682EB99314F1E827D8F59AB7C5D87E9D099288
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f103cee846342163868980a295adceacfe505d6de75a85e46a2cda6f122005f3
                                                                                                                                                                                                                          • Instruction ID: 2a0250b5e4ba78e31945d0dcb25661bbfa6f1bb19a30ffadb38d9be76bcf89ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f103cee846342163868980a295adceacfe505d6de75a85e46a2cda6f122005f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97816BB3F102254BF3544D79CC983A27693EBD5314F2F82388E496B7C5D97E6E0A5284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a9ab9bf2ce1728dae103c01fa52c07c95107cd76a344128e92d3ba185747d70b
                                                                                                                                                                                                                          • Instruction ID: 0f7335246c56e3d208b2a4da427b09cf3cade49cf81c7b0a60fa7501c17389c0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9ab9bf2ce1728dae103c01fa52c07c95107cd76a344128e92d3ba185747d70b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84719FB3F2162047F3544929CC693A22683EBD5310F2F82798F8DAB7C5D97E5D0A5384
                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4c4fe05f530b2f2e3a2c483786607153fc8f162edf825baa122173f259e0c4af
                                                                                                                                                                                                                          • Instruction ID: 9e419360611d60cbb148a63e0d8b39b8173db2407a460f37d9d4ca455b00a377
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c4fe05f530b2f2e3a2c483786607153fc8f162edf825baa122173f259e0c4af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55819DB3F216254BF3404978CD883917692EBD1324F2F42798E58AB7D4D97E6E0A9384
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6691d798781c28859f6ee8fc24c8db7f1913da04be52bfea37582c838eb8c771
                                                                                                                                                                                                                          • Instruction ID: c745835668a27ab4bfddc8dba2319049263e1c22f6bd1a7b99e86372fcc88593
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6691d798781c28859f6ee8fc24c8db7f1913da04be52bfea37582c838eb8c771
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B81BDB3F116244BF3444D68CC983617682EBA5314F2F827C8F896B7C5D97E6D099388
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e406d6e233b34cb12a02447fab837a34deb000f3698d06f60431243f082f51a4
                                                                                                                                                                                                                          • Instruction ID: 11ddc24eab03c936a06367dfa03a88ad1f309f2245ba1a3db534e6aae21a3525
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e406d6e233b34cb12a02447fab837a34deb000f3698d06f60431243f082f51a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F27167B3F1162447F3980929DC983627682ABE5324F2F427D8E9DAB3C1D97E5D0A5384
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 29dd1bbcb6ae252f690faf429541910e127d7adeda4b250d97aad6f4a04e6433
                                                                                                                                                                                                                          • Instruction ID: ff50fc2b73ca8d88f95a60e80a8aa30414b87ac1eeeeeaeeaf6f93a562723f79
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29dd1bbcb6ae252f690faf429541910e127d7adeda4b250d97aad6f4a04e6433
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A271CEB3F112254BF3504D29CC883A276839BD9724F2F82798E9C6BBC5D97E5D069384
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e2ac9afa42a7d0d8b2cea7704d8b42512b6e5ddda77884870de171321e1a579a
                                                                                                                                                                                                                          • Instruction ID: b0256854ba58ad68b0ae92d29d5f634d61e5588eae208a55a3fbbb9d601a179d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2ac9afa42a7d0d8b2cea7704d8b42512b6e5ddda77884870de171321e1a579a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 497179B3E5023547F3644929DD9836266829BA5320F2F83798E9C7BBC9D87E1D0A53C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e8057a3de15c5b67892901f09f49e7642a01aef0e271c5bf1f22ee72f5460174
                                                                                                                                                                                                                          • Instruction ID: 5bb71edbe2d686667120325ce530edfd5d67d199fd6a8e991deae13ed9df8c8e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8057a3de15c5b67892901f09f49e7642a01aef0e271c5bf1f22ee72f5460174
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5571ABB3F102244BF3508D69DC983527693ABC5321F2F82798E4CAB7C5D97E5D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9552bee13e18d9e5aba4081c4ae0e3887cabe4ce79bc9518a76c47355e294cd8
                                                                                                                                                                                                                          • Instruction ID: cabb8cdd1c595ab4ca38bb4aab2085425fcd660b8c2a75e349645deca6234215
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9552bee13e18d9e5aba4081c4ae0e3887cabe4ce79bc9518a76c47355e294cd8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07715AB3F2162547F3944928CD583A27693EBD1325F2F82788E886B7C4D97E5D0A93C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4b6dabedae2dc50cd2218d7bf36138e147c195d83763c40e20dbbd2637f02d0b
                                                                                                                                                                                                                          • Instruction ID: 6a88b1b3984fbb98a3007b819ec076959996a435f6ab7f58cea22838a86135f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b6dabedae2dc50cd2218d7bf36138e147c195d83763c40e20dbbd2637f02d0b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C71DFB3F112248BF3444E28DC983A17293EBD5321F2F82798E586B7C5D97E6D099384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 428e91380c8262f9ecd24a3d2719b71b169ed006785080adad371e3b426035f4
                                                                                                                                                                                                                          • Instruction ID: 1fc01825d79764aa044636b06f5757b73b466a00bf8022680385b89c11b3acf4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 428e91380c8262f9ecd24a3d2719b71b169ed006785080adad371e3b426035f4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F7169B7F116214BF3504D39CC983A26A839BD5320F3F82798EAC677C5D87E5D0A5284
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 127b2407d692a2b393137975c48292e46e056c6a9fb77618a1a47490a9ed22fe
                                                                                                                                                                                                                          • Instruction ID: 6eda964e8e03b87e251b1a6b9aabc78e184ccb964a6d81f8bce0fff610520473
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 127b2407d692a2b393137975c48292e46e056c6a9fb77618a1a47490a9ed22fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11718DB7F116354BF3904D68CC583626682ABE5324F2F82788E9CAB3C5D87E5D0A53C4
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b5b51c72bec97c24fe0c06ef5b9f5dbda7e23eec2b9614af05a7c57870f2c78f
                                                                                                                                                                                                                          • Instruction ID: da6ed2a50abdec92d91254f7dc76a040d7b8ea1dafb46d865618daceef6ff414
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5b51c72bec97c24fe0c06ef5b9f5dbda7e23eec2b9614af05a7c57870f2c78f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40718CB3F216258BF3444D28CC543627692EBE6321F2F82788E596B3D5D93E5D099384
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e7e8400c5f5966171650bc550effadb44593611059b97858825bc65602aa9173
                                                                                                                                                                                                                          • Instruction ID: 2eb279efa24c7c22683fb579e2fdc9743a2909aa5c0eba775fa36d623a9f7202
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7e8400c5f5966171650bc550effadb44593611059b97858825bc65602aa9173
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B717CB3F1162647F3904D29CC583A26683ABD5325F3F82788E9C6B7C5D93E5D0A5388
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1f7d155e569fe50dabdd813c4140c886f6459db3e296d152a34733cda9c7ae95
                                                                                                                                                                                                                          • Instruction ID: d3c85b2e4d4458f0cb909ceb0f0ccce6bd7c8950624b0edd4c91f5b4b8a0dda4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f7d155e569fe50dabdd813c4140c886f6459db3e296d152a34733cda9c7ae95
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA618CB3F116204BF3444D69DC943527683ABE9325F2F82788E98AB7C9ED7D5C0A4384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a2ac6be1a9bbea0cabb0960410ea320e34e4167ee4931ed0c8759ab57dc128a6
                                                                                                                                                                                                                          • Instruction ID: 613de8a9ab4a918262f6b3234201fec7251e331fa8d142d3c0d9d1f093450c1e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2ac6be1a9bbea0cabb0960410ea320e34e4167ee4931ed0c8759ab57dc128a6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A719FB3E106354BF3A44D28CC943A2B692EB95324F2F42788E9C6B3C1D97E6D0957C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6564cb8265c5bee74aecdaedd0762ae4c41a003292d13a42b36262a4a1a260b7
                                                                                                                                                                                                                          • Instruction ID: d4227075d274035d8e8defc4c4b5639a88eaca18493e5bb29b0e47a5f595852b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6564cb8265c5bee74aecdaedd0762ae4c41a003292d13a42b36262a4a1a260b7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7471ACF3F1062547F3544D38CC983726682EBA5315F2F82798F896B7C9D87E6D0A5288
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0f7c2c82e6c84cdafc0ef1e80e1e30fa48c578ad649e2a04eabb1c05f4d0d493
                                                                                                                                                                                                                          • Instruction ID: ea0e3b71dd257002f453643a34b8b3130b90ac0fb24bdd97084619b4ddb5096b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f7c2c82e6c84cdafc0ef1e80e1e30fa48c578ad649e2a04eabb1c05f4d0d493
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1616BB3F116254BF3940939CC943A26683ABD5324F2F82788E98AB7C5D97E9D095384
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5c8c8f0d882c7b8799f69375c5a3b869723eea1091f5e4ff5b9719e6a99a710
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11618CF3F1122547F3484E28CC593617292EB99315F2F817D8E89AB3C4E97E6D1A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2328d408a29154b77b884e3ee14de2f10f771b2305a8aa5ad14f25038e554dec
                                                                                                                                                                                                                          • Instruction ID: 1599d66a0d7a4a2875dff8a9181e6c80d5eba18930026f437d06fe8ff726d5ed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2328d408a29154b77b884e3ee14de2f10f771b2305a8aa5ad14f25038e554dec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F61AFB3F216218BF3544D38CC583617692EBA5321F2F427C8E886B7C5D97E6D499384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6fbefed5926cb0e1ffe0f8637b264817164c99f9ac7b68dd7fec3cf50e623767
                                                                                                                                                                                                                          • Instruction ID: 4faa968dd02c0b932250f5b764e557c48606e54477da8e3828a2d3574ff7b8ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fbefed5926cb0e1ffe0f8637b264817164c99f9ac7b68dd7fec3cf50e623767
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67619CB3F112158BF3444E24DC943A17393EB96314F2F42798A49AB3D5DA7E6D0A9384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: adbf7b03b0cc3609f73f9a5d96147f8ffaed98ac051c87b613f845a4a5e12dbc
                                                                                                                                                                                                                          • Instruction ID: fd2896788c6fb42cf1fbfa6f004a8627dbf2bd5a86aafbafbb114c99f2733770
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adbf7b03b0cc3609f73f9a5d96147f8ffaed98ac051c87b613f845a4a5e12dbc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7515AB3F2161547F3540D28CC583627683EBD1324F2F82798A89AB7D5E97E9D0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f479d43bb6eb5cf85aaab5444981561138cbfda68363370765b21a751a590232
                                                                                                                                                                                                                          • Instruction ID: 2778fcda3169f3020fa89594e7ba6be2e3243e4bff3191b380cc51a049abf68b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f479d43bb6eb5cf85aaab5444981561138cbfda68363370765b21a751a590232
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A161F972744B418FC728CE38C8953E7BBD29B99314F198A3DD4BBCB395EA78A4058705
Memory Dump Source
• Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
• Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6cc9e3d9d9bba1b75051f17072e007767b87dd61e5a4a59f7209673a8ca77ee9
                                                                                                                                                                                                                          • Instruction ID: f2d8aeb0a635772fe41dbd7c4e1b940ac02bd2c2271c203ef5ee7de83b50ab46
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cc9e3d9d9bba1b75051f17072e007767b87dd61e5a4a59f7209673a8ca77ee9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B516DB3F516204BF3944D28DC983627282EB96321F2F82788E9C6B7C5DD7E5D099384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8c8808fb35aba3e171ca5d8667b765e63afc0b93fc29352553a73075c0ad919c
                                                                                                                                                                                                                          • Instruction ID: c6fcd54973f086041ba2a58e9c501b9ac702f144bcecf7079b0a2f9f0d8b960d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c8808fb35aba3e171ca5d8667b765e63afc0b93fc29352553a73075c0ad919c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08519CB3F116254BF3444D74CC58362B683EBE5311F2F82788E58A77C5D93E5D099284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 08426b8e621c8fc730aed83fc5745069f4028d5e7857283b5e6e9c9ad0cb8229
                                                                                                                                                                                                                          • Instruction ID: 5aa6d5db696f8da3150bf488db35540c17b7a329a069871fa6cca526d6c94cbc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08426b8e621c8fc730aed83fc5745069f4028d5e7857283b5e6e9c9ad0cb8229
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66412A327187514FE718CE38889117BFBD2ABDA300F1D887ED8C2C7286D529ED0A8785
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cabc868df1d78c0fc09c9e9479fe6fcbacbe2cc2ea67cdc77ec8dbab36c8dacd
                                                                                                                                                                                                                          • Instruction ID: 89f510d0b2d3a545d1d981f7c204faa424336dd456e118c4d32ca583ca69af55
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cabc868df1d78c0fc09c9e9479fe6fcbacbe2cc2ea67cdc77ec8dbab36c8dacd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9951B3B3F102254BF3544E69CC543627282EBA5320F2F827D8E9D6B3D5E97E5D099384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 43b6ed580a2b4cf9d9667e06255afe60050c424d481a4b280cc4061ce7710bc9
                                                                                                                                                                                                                          • Instruction ID: 0d1a0adfbe4f126a630519f2a8d23842475c6784a8772e7738467b7677b6bc80
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43b6ed580a2b4cf9d9667e06255afe60050c424d481a4b280cc4061ce7710bc9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C51BBF3F116244BF3444938CC583A27653ABD5320F2F82788A5C2BBC9D97E5C0A5384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 754a2c4d34a4a16e7624886073a6f4e80ad6379ca4f5a893feda44268c760ddb
                                                                                                                                                                                                                          • Instruction ID: de75a780e6a5bc38f767e0cab987c62c64e62c43de6be989f17337b06e09071d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 754a2c4d34a4a16e7624886073a6f4e80ad6379ca4f5a893feda44268c760ddb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C23110B3F5122107F7580879CDA93666583EBD4314F2F813D8B8AA77C9DCBE5D4A4284
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a4949053a695ee287b0df4fd0b8b0aebe88d86f039182979104124fea318e3a7
                                                                                                                                                                                                                          • Instruction ID: b5dd83870cb1ff481133ded0e2ec6c77d0b302234a6a89a8225150aeef1df3ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4949053a695ee287b0df4fd0b8b0aebe88d86f039182979104124fea318e3a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB314AB3F6192147F3908829DC893925583E7D4325F2EC1794E98E7BC9DC7E8C4A5380
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f4b5ecec85ddec8dc86f0452fe0a9b1b2bda8ef1ea5e4469feb45a77a1b1ef83
                                                                                                                                                                                                                          • Instruction ID: 893b6766543968a411f030f9950853abf471b7745020e058fd9b9f2ac0ad7757
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4b5ecec85ddec8dc86f0452fe0a9b1b2bda8ef1ea5e4469feb45a77a1b1ef83
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7321A1B3FA1A2107F7544838DD59362258397E4324F3F823D8A4997BCAC87E9C065384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ea5431e417df2dfd7eaf459adaf61d28104966fe9b39e2eaab68b164846b4740
                                                                                                                                                                                                                          • Instruction ID: e3e1d7c05f73d8a72f0297f7662d49ef746e94fb7e5e2dc34e4d611bdd9f5f0c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea5431e417df2dfd7eaf459adaf61d28104966fe9b39e2eaab68b164846b4740
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B218EF3F406244BF3444838CCA83A6658387D5324F2F4178CE1DAB7C2E87E4D0A5280
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8562f404d02d878690ead67c999a9b463699cc5d5cc60d89725b0724802b56da
                                                                                                                                                                                                                          • Instruction ID: b0220c0f2c0fcdea578776c504e1b4100d13a0839c8d1e7d3fc4999560e07a19
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8562f404d02d878690ead67c999a9b463699cc5d5cc60d89725b0724802b56da
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 883135B3F506244BF394482AED983A22183ABD5324F2F81798E4C6B7C5C87E5D0B52C4
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ae223330da584f81ef992db5be87fe9dec6d85cacf881fa8044a4ec62cedb445
                                                                                                                                                                                                                          • Instruction ID: a6d9294b0164b34e85630ae09a65305ae283576034b51ebdcbb65017f4a92f21
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae223330da584f81ef992db5be87fe9dec6d85cacf881fa8044a4ec62cedb445
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96219EB3F6262507F3884868CC543A26183D3D5324F2F827C8A289B7C6DC7D9D065384
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1729603319.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729585986.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729603319.0000000000455000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729649522.0000000000463000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.00000000006F7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.0000000000700000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729664961.000000000070D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1729906027.000000000070E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730013980.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1730028095.00000000008B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_410000_2S6U7zz1Jg.jbxd